From the video, I can see the attacker’s goal was to deploy the downloaded tools. A package called flood.tgz was downloaded and decompressed to the local drive.
The attacker tried to execute one of the tools, called “httpd”, but it failed. After realizing the hacked server did not have enough capability to run the tool, the attacker ran rm -rf on the folder.
To go further in my analysis, I ran Zerowine (http://zerowine.sourceforge.net/) to analyze the attacker’s program called “httpd”. I only used the strings feature of Zerowine to see what’s inside “httpd”.
From the video you can see the strings that came from “httpd”. It’s obvious the attacker wants to run some sort of bot. The bot will connect to the selected server and will be controlled by the master once the bot has successfully propagated.
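The strings pass described above can be reproduced offline without executing the sample. The following is an added example, not code from the original post or from Zerowine: it extracts printable strings from a binary and sorts them into network-related buckets. The sample bytes, the hostname, the IP address and the bucket names are all constructed for illustration.

```python
import re

def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Return printable-ASCII runs of at least min_len bytes (the strings(1) rule)."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]

# Hypothetical triage buckets: strings that hint at where a bot connects
# and what it sends. These patterns are assumptions, not taken from the post.
INDICATORS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "hostname": re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}\b", re.I),
    "format_string": re.compile(r"%[sdux]"),  # printf-style protocol templates
}

def triage(data: bytes) -> dict[str, list[str]]:
    """Group every extracted string under each indicator pattern it matches."""
    hits: dict[str, list[str]] = {name: [] for name in INDICATORS}
    for s in extract_strings(data):
        for name, rx in INDICATORS.items():
            if rx.search(s):
                hits[name].append(s)
    return hits

# Constructed sample: an ELF-like header followed by NUL-separated strings.
# It is NOT the attacker's "httpd"; every value below is made up.
SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"c2.example.test\x00"      # reserved example domain
    + b"\x01\x02" + b"192.0.2.10\x00"  # TEST-NET-1 documentation address
    + b"CONNECT %s:%d\x00"
    + b"\xff\xfe" + b"abc\x00"    # shorter than min_len, dropped
    + b"/tmp/.lock\x00"
)

if __name__ == "__main__":
    for bucket, values in triage(SAMPLE).items():
        print(f"{bucket}: {values}")
```
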