2e4506802aedea2e6d53910dfb296323be6620ac08c4b799a879eace5923a7b6

Analysis

max time kernel
69s
max time network
151s
platform
debian-9_mips
resource
debian9-mipsbe-20240729-en
resource tags

arch:mipsimage:debian9-mipsbe-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
28-09-2024 08:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118
Size

129KB
MD5

fbe51695e97a45dc61967dc3241a37dc
SHA1

1ed14334b5b71783cd6ec14b8a704fe48e600cf0
SHA256

2e4506802aedea2e6d53910dfb296323be6620ac08c4b799a879eace5923a7b6
SHA512

c35eab56ba59beb2ec2b362e4d1aae734fadc2d9db1d720439337dcade13ec9c7b68da9d03821efc7277abaf9bace342ff35593373e04c67327d5f7db460ad8a
SSDEEP

3072:/TNVO/QJHZcfFj4rwLQGTNO5VZLwHm7vuQTpZUyY6cot:7O/QJHZweEL/NOjCHm7FZZncI

Score

9^/10

defense_evasion discovery persistence upx

Malware Config

Signatures

Contacts a large (10270) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Patched UPX-packed file 1 IoCs
Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

Processes:

resource yara_rule

/usr/networks patched_upx

resource	yara_rule
/usr/networks	patched_upx

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

Processes:

fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118

description	ioc	process
File opened for modification	/dev/misc/watchdog	fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118
File opened for modification	/dev/watchdog	fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
discovery

System Network Connections Discovery
T1049

Processes:

fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118

description ioc process

File opened for reading /proc/net/tcp fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118
Enumerates running processes
Discovers information about currently running processes on the system

Modifies init.d 2 TTPs 4 IoCs

Adds/modifies system service, likely for persistence.

persistence

Boot or Logon Autostart Execution

T1547

RC Scripts

T1037.004

Processes:

fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118

description	ioc	process
File opened for modification	/etc/init.d/S95baby.sh	fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118
File opened for modification	/etc/init.d/keyboard-setup.sh	fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118
File opened for modification	/etc/init.d/console-setup.sh	fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118
File opened for modification	/etc/init.d/hwclock.sh	fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118

Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
discovery

Internet Connection Discovery
T1016.001

Processes:

fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118

description ioc process

File opened for reading /proc/net/route fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118

description	ioc	process
File opened for reading	/proc/net/route	fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118

Writes file to system bin folder 2 IoCs

Processes:

fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118

description	ioc	process
File opened for modification	/sbin/watchdog	fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118
File opened for modification	/bin/watchdog	fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118

UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

/usr/networks upx
Changes its process name 1 IoCs

Processes:

fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118

description ioc pid process

Changes the process name, possibly in an attempt to hide itself sshd 714 fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118

resource	yara_rule
/usr/networks	upx

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	sshd	714	fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118

Reads system network configuration 1 TTPs 3 IoCs

Uses contents of /proc filesystem to enumerate network settings.

discovery

Internet Connection Discovery

T1016.001

Processes:

fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118

description	ioc	process
File opened for reading	/proc/net/tcp	fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118
File opened for reading	/proc/net/raw	fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118
File opened for reading	/proc/net/route	fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

Processes:

killallfbe51695e97a45dc61967dc3241a37dc_JaffaCakes118

description	ioc	process
File opened for reading	/proc/21/stat	killall
File opened for reading	/proc/68/stat	killall
File opened for reading	/proc/109/stat	killall
File opened for reading	/proc/329/stat	killall
File opened for reading	/proc/434/stat	killall
File opened for reading	/proc/2/stat	killall
File opened for reading	/proc/3/stat	killall
File opened for reading	/proc/4/stat	killall
File opened for reading	/proc/334/stat	killall
File opened for reading	/proc/380/stat	killall
File opened for reading	/proc/703/stat	killall
File opened for reading	/proc/709/stat	killall
File opened for reading	/proc/5/stat	killall
File opened for reading	/proc/18/stat	killall
File opened for reading	/proc/20/stat	killall
File opened for reading	/proc/77/stat	killall
File opened for reading	/proc/78/stat	killall
File opened for reading	/proc/179/stat	killall
File opened for reading	/proc/15/stat	killall
File opened for reading	/proc/23/stat	killall
File opened for reading	/proc/69/stat	killall
File opened for reading	/proc/703/cmdline	killall
File opened for reading	/proc/7/stat	killall
File opened for reading	/proc/83/stat	killall
File opened for reading	/proc/160/stat	killall
File opened for reading	/proc/328/stat	killall
File opened for reading	/proc/714/stat	killall
File opened for reading	/proc/12/stat	killall
File opened for reading	/proc/13/stat	killall
File opened for reading	/proc/126/cmdline	killall
File opened for reading	/proc/73/stat	killall
File opened for reading	/proc/74/stat	killall
File opened for reading	/proc/702/cmdline	killall
File opened for reading	/proc/716/cmdline	killall
File opened for reading	/proc/1/stat	killall
File opened for reading	/proc/10/stat	killall
File opened for reading	/proc/11/stat	killall
File opened for reading	/proc/36/stat	killall
File opened for reading	/proc/155/cmdline	killall
File opened for reading	/proc/385/stat	killall
File opened for reading	/proc/702/stat	killall
File opened for reading	/proc/filesystems	killall
File opened for reading	/proc/16/stat	killall
File opened for reading	/proc/17/stat	killall
File opened for reading	/proc/9/stat	killall
File opened for reading	/proc/72/stat	killall
File opened for reading	/proc/377/stat	killall
File opened for reading	/proc/37/stat	killall
File opened for reading	/proc/707/stat	killall
File opened for reading	/proc/361/stat	killall
File opened for reading	/proc/388/stat	killall
File opened for reading	/proc/678/stat	killall
File opened for reading	/proc/714/cmdline	killall
File opened for reading	/proc/self/exe	fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118
File opened for reading	/proc/8/stat	killall
File opened for reading	/proc/14/stat	killall
File opened for reading	/proc/mounts	fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118
File opened for reading	/proc/6/stat	killall
File opened for reading	/proc/675/stat	killall
File opened for reading	/proc/715/stat	killall
File opened for reading	/proc/716/stat	killall
File opened for reading	/proc/718/stat	killall
File opened for reading	/proc/22/stat	killall
File opened for reading	/proc/81/stat	killall

System Network Configuration Discovery 1 TTPs 22 IoCs
Adversaries may gather information about the network configuration of a system.
discovery

System Network Configuration Discovery
T1016

Processes:

shshshshshshshshshshshshshshshshshshshshshsh

pid process

845 sh
859 sh
873 sh
916 sh
920 sh
871 sh
889 sh
907 sh
841 sh
849 sh
857 sh
861 sh
895 sh
924 sh
903 sh
928 sh
827 sh
869 sh
877 sh
881 sh
891 sh
901 sh

pid	process
845	sh
859	sh
873	sh
916	sh
920	sh
871	sh
889	sh
907	sh
841	sh
849	sh
857	sh
861	sh
895	sh
924	sh
903	sh
928	sh
827	sh
869	sh
877	sh
881	sh
891	sh
901	sh

Writes file to tmp directory 2 IoCs

Malware often drops required files in the /tmp directory.

Processes:

fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118

description	ioc	process
File opened for modification	/tmp/.ips	fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118
File opened for modification	/tmp/.config	fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118

/tmp/fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118
/tmp/fbe51695e97a45dc61967dc3241a37dc_JaffaCakes118
1⤵
- Modifies Watchdog functionality
- Enumerates active TCP sockets
- Modifies init.d
- Reads system routing table
- Writes file to system bin folder
- Changes its process name
- Reads system network configuration
- Reads runtime system information
- Writes file to tmp directory
PID:711
- /bin/sh
  sh -c "killall -9 telnetd utelnetd scfgmgr"
  2⤵
  PID:715
- - /usr/bin/killall
    killall -9 telnetd utelnetd scfgmgr
    3⤵
    - Reads runtime system information
    PID:717
- /bin/sh
  sh -c "iptables -I INPUT -p tcp --destination-port 47933 -j ACCEPT"
  2⤵
  PID:823
- - /sbin/iptables
    iptables -I INPUT -p tcp --destination-port 47933 -j ACCEPT
    3⤵
    PID:824
- /bin/sh
  sh -c "iptables -I OUTPUT -p tcp --source-port 47933 -j ACCEPT"
  2⤵
  - System Network Configuration Discovery
  PID:827
- - /sbin/iptables
    iptables -I OUTPUT -p tcp --source-port 47933 -j ACCEPT
    3⤵
    PID:830
- /bin/sh
  sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 47933 -j ACCEPT"
  2⤵
  PID:831
- - /sbin/iptables
    iptables -I PREROUTING -t nat -p tcp --destination-port 47933 -j ACCEPT
    3⤵
    PID:832
- /bin/sh
  sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 47933 -j ACCEPT"
  2⤵
  - System Network Configuration Discovery
  PID:841
- - /sbin/iptables
    iptables -I POSTROUTING -t nat -p tcp --source-port 47933 -j ACCEPT
    3⤵
    PID:842
- /bin/sh
  sh -c "iptables -I INPUT -p tcp --dport 47933 -j ACCEPT"
  2⤵
  PID:843
- - /sbin/iptables
    iptables -I INPUT -p tcp --dport 47933 -j ACCEPT
    3⤵
    PID:844
- /bin/sh
  sh -c "iptables -I OUTPUT -p tcp --sport 47933 -j ACCEPT"
  2⤵
  - System Network Configuration Discovery
  PID:845
- - /sbin/iptables
    iptables -I OUTPUT -p tcp --sport 47933 -j ACCEPT
    3⤵
    PID:846
- /bin/sh
  sh -c "iptables -I PREROUTING -t nat -p tcp --dport 47933 -j ACCEPT"
  2⤵
  PID:847
- - /sbin/iptables
    iptables -I PREROUTING -t nat -p tcp --dport 47933 -j ACCEPT
    3⤵
    PID:848
- /bin/sh
  sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 47933 -j ACCEPT"
  2⤵
  - System Network Configuration Discovery
  PID:849
- - /sbin/iptables
    iptables -I POSTROUTING -t nat -p tcp --sport 47933 -j ACCEPT
    3⤵
    PID:850
- /bin/sh
  sh -c "iptables -I INPUT -p tcp --destination-port 22 -j DROP"
  2⤵
  PID:851
- - /sbin/iptables
    iptables -I INPUT -p tcp --destination-port 22 -j DROP
    3⤵
    PID:852
- /bin/sh
  sh -c "iptables -I INPUT -p tcp --destination-port 23 -j DROP"
  2⤵
  PID:853
- - /sbin/iptables
    iptables -I INPUT -p tcp --destination-port 23 -j DROP
    3⤵
    PID:854
- /bin/sh
  sh -c "iptables -I INPUT -p tcp --destination-port 2323 -j DROP"
  2⤵
  PID:855
- - /sbin/iptables
    iptables -I INPUT -p tcp --destination-port 2323 -j DROP
    3⤵
    PID:856
- /bin/sh
  sh -c "iptables -I OUTPUT -p tcp --source-port 22 -j DROP"
  2⤵
  - System Network Configuration Discovery
  PID:857
- - /sbin/iptables
    iptables -I OUTPUT -p tcp --source-port 22 -j DROP
    3⤵
    PID:858
- /bin/sh
  sh -c "iptables -I OUTPUT -p tcp --source-port 23 -j DROP"
  2⤵
  - System Network Configuration Discovery
  PID:859
- - /sbin/iptables
    iptables -I OUTPUT -p tcp --source-port 23 -j DROP
    3⤵
    PID:860
- /bin/sh
  sh -c "iptables -I OUTPUT -p tcp --source-port 2323 -j DROP"
  2⤵
  - System Network Configuration Discovery
  PID:861
- - /sbin/iptables
    iptables -I OUTPUT -p tcp --source-port 2323 -j DROP
    3⤵
    PID:862
- /bin/sh
  sh -c "iptables -I INPUT -p tcp --dport 22 -j DROP"
  2⤵
  PID:863
- - /sbin/iptables
    iptables -I INPUT -p tcp --dport 22 -j DROP
    3⤵
    PID:864
- /bin/sh
  sh -c "iptables -I INPUT -p tcp --dport 23 -j DROP"
  2⤵
  PID:865
- - /sbin/iptables
    iptables -I INPUT -p tcp --dport 23 -j DROP
    3⤵
    PID:866
- /bin/sh
  sh -c "iptables -I INPUT -p tcp --dport 2323 -j DROP"
  2⤵
  PID:867
- - /sbin/iptables
    iptables -I INPUT -p tcp --dport 2323 -j DROP
    3⤵
    PID:868
- /bin/sh
  sh -c "iptables -I OUTPUT -p tcp --sport 22 -j DROP"
  2⤵
  - System Network Configuration Discovery
  PID:869
- - /sbin/iptables
    iptables -I OUTPUT -p tcp --sport 22 -j DROP
    3⤵
    PID:870
- /bin/sh
  sh -c "iptables -I OUTPUT -p tcp --sport 23 -j DROP"
  2⤵
  - System Network Configuration Discovery
  PID:871
- - /sbin/iptables
    iptables -I OUTPUT -p tcp --sport 23 -j DROP
    3⤵
    PID:872
- /bin/sh
  sh -c "iptables -I OUTPUT -p tcp --sport 2323 -j DROP"
  2⤵
  - System Network Configuration Discovery
  PID:873
- - /sbin/iptables
    iptables -I OUTPUT -p tcp --sport 2323 -j DROP
    3⤵
    PID:874
- /bin/sh
  sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"
  2⤵
  PID:875
- - /sbin/iptables
    iptables -I INPUT -p tcp --destination-port 58000 -j DROP
    3⤵
    PID:876
- /bin/sh
  sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"
  2⤵
  - System Network Configuration Discovery
  PID:877
- - /sbin/iptables
    iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
    3⤵
    PID:878
- /bin/sh
  sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"
  2⤵
  PID:879
- - /sbin/iptables
    iptables -I INPUT -p tcp --dport 58000 -j DROP
    3⤵
    PID:880
- /bin/sh
  sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"
  2⤵
  - System Network Configuration Discovery
  PID:881
- - /sbin/iptables
    iptables -I OUTPUT -p tcp --sport 58000 -j DROP
    3⤵
    PID:882
- /bin/sh
  sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""
  2⤵
  PID:883
- /bin/sh
  sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""
  2⤵
  PID:884
- /bin/sh
  sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"
  2⤵
  PID:885
- - /sbin/iptables
    iptables -I INPUT -p tcp --destination-port 35000 -j DROP
    3⤵
    PID:886
- /bin/sh
  sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"
  2⤵
  PID:887
- - /sbin/iptables
    iptables -I INPUT -p tcp --destination-port 50023 -j DROP
    3⤵
    PID:888
- /bin/sh
  sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"
  2⤵
  - System Network Configuration Discovery
  PID:889
- - /sbin/iptables
    iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
    3⤵
    PID:890
- /bin/sh
  sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"
  2⤵
  - System Network Configuration Discovery
  PID:891
- - /sbin/iptables
    iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
    3⤵
    PID:892
- /bin/sh
  sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"
  2⤵
  PID:893
- - /sbin/iptables
    iptables -I INPUT -p tcp --destination-port 7547 -j DROP
    3⤵
    PID:894
- /bin/sh
  sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"
  2⤵
  - System Network Configuration Discovery
  PID:895
- - /sbin/iptables
    iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
    3⤵
    PID:896
- /bin/sh
  sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"
  2⤵
  PID:897
- - /sbin/iptables
    iptables -I INPUT -p tcp --dport 35000 -j DROP
    3⤵
    PID:898
- /bin/sh
  sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"
  2⤵
  PID:899
- - /sbin/iptables
    iptables -I INPUT -p tcp --dport 50023 -j DROP
    3⤵
    PID:900
- /bin/sh
  sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"
  2⤵
  - System Network Configuration Discovery
  PID:901
- - /sbin/iptables
    iptables -I OUTPUT -p tcp --sport 50023 -j DROP
    3⤵
    PID:902
- /bin/sh
  sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"
  2⤵
  - System Network Configuration Discovery
  PID:903
- - /sbin/iptables
    iptables -I OUTPUT -p tcp --sport 35000 -j DROP
    3⤵
    PID:904
- /bin/sh
  sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"
  2⤵
  PID:905
- - /sbin/iptables
    iptables -I INPUT -p tcp --dport 7547 -j DROP
    3⤵
    PID:906
- /bin/sh
  sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"
  2⤵
  - System Network Configuration Discovery
  PID:907
- - /sbin/iptables
    iptables -I OUTPUT -p tcp --sport 7547 -j DROP
    3⤵
    PID:908
- /bin/sh
  sh -c "iptables -I INPUT -p udp --destination-port 17250 -j ACCEPT"
  2⤵
  PID:914
- - /sbin/iptables
    iptables -I INPUT -p udp --destination-port 17250 -j ACCEPT
    3⤵
    PID:915
- /bin/sh
  sh -c "iptables -I OUTPUT -p udp --source-port 17250 -j ACCEPT"
  2⤵
  - System Network Configuration Discovery
  PID:916
- - /sbin/iptables
    iptables -I OUTPUT -p udp --source-port 17250 -j ACCEPT
    3⤵
    PID:917
- /bin/sh
  sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 17250 -j ACCEPT"
  2⤵
  PID:918
- - /sbin/iptables
    iptables -I PREROUTING -t nat -p udp --destination-port 17250 -j ACCEPT
    3⤵
    PID:919
- /bin/sh
  sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 17250 -j ACCEPT"
  2⤵
  - System Network Configuration Discovery
  PID:920
- - /sbin/iptables
    iptables -I POSTROUTING -t nat -p udp --source-port 17250 -j ACCEPT
    3⤵
    PID:921
- /bin/sh
  sh -c "iptables -I INPUT -p udp --dport 17250 -j ACCEPT"
  2⤵
  PID:922
- - /sbin/iptables
    iptables -I INPUT -p udp --dport 17250 -j ACCEPT
    3⤵
    PID:923
- /bin/sh
  sh -c "iptables -I OUTPUT -p udp --sport 17250 -j ACCEPT"
  2⤵
  - System Network Configuration Discovery
  PID:924
- - /sbin/iptables
    iptables -I OUTPUT -p udp --sport 17250 -j ACCEPT
    3⤵
    PID:925
- /bin/sh
  sh -c "iptables -I PREROUTING -t nat -p udp --dport 17250 -j ACCEPT"
  2⤵
  PID:926
- - /sbin/iptables
    iptables -I PREROUTING -t nat -p udp --dport 17250 -j ACCEPT
    3⤵
    PID:927
- /bin/sh
  sh -c "iptables -I POSTROUTING -t nat -p udp --sport 17250 -j ACCEPT"
  2⤵
  - System Network Configuration Discovery
  PID:928
- - /sbin/iptables
    iptables -I POSTROUTING -t nat -p udp --sport 17250 -j ACCEPT
    3⤵
    PID:929

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Boot or Logon Initialization Scripts

T1037

RC Scripts

T1037.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Boot or Logon Initialization Scripts

T1037

RC Scripts

T1037.004

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Network Service Discovery

T1046

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

System Network Connections Discovery

T1049

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/etc/rcS.d/S95baby.sh

Filesize
25B

MD5
1b3235ba10fc04836c941d3d27301956

SHA1
8909655763143702430b8c58b3ae3b04cfd3a29c

SHA256
01ba1fb41632594997a41d0c3a911ae5b3034d566ebb991ef76ad76e6f9e283a

SHA512
98bdb5c266222ccbd63b6f80c87e501c8033dc53b0513d300b8da50e39a207a0b69f8cd3ecc4a128dec340a1186779fedd1049c9b0a70e90d2cb3ae6ebfa4c4d

Download Submit
/tmp/.config

Filesize
147B

MD5
b8a8f466da2abb274b5da8a184d10172

SHA1
2444c38c3462702bf815cf4e37100214824b76e6

SHA256
74c9b3a712c3e883f3d0181d64bb83d4aa02f1619615f4f584441e4ae4de0936

SHA512
33dfaaae402915c324acb901a94deac1c6f4b2773bdd9fc5e61fed5fd848570a699abcf3f178f8c2b2bdf527dd10a40edaefbe43b94f6e2f1d8e69ebd681768f

Download Submit
/usr/networks

Filesize
129KB

MD5
fbe51695e97a45dc61967dc3241a37dc

SHA1
1ed14334b5b71783cd6ec14b8a704fe48e600cf0

SHA256
2e4506802aedea2e6d53910dfb296323be6620ac08c4b799a879eace5923a7b6

SHA512
c35eab56ba59beb2ec2b362e4d1aae734fadc2d9db1d720439337dcade13ec9c7b68da9d03821efc7277abaf9bace342ff35593373e04c67327d5f7db460ad8a

Download Submit
memory/711-1-0x00400000-0x004bac18-memory.dmp

Download

pid	process
845	sh
859	sh
873	sh
916	sh
920	sh
871	sh
889	sh
907	sh
841	sh
849	sh
857	sh
861	sh
895	sh
924	sh
903	sh
928	sh
827	sh
869	sh
877	sh
881	sh
891	sh
901	sh

pid	process
845	sh
859	sh
873	sh
916	sh
920	sh
871	sh
889	sh
907	sh
841	sh
849	sh
857	sh
861	sh
895	sh
924	sh
903	sh
928	sh
827	sh
869	sh
877	sh
881	sh
891	sh
901	sh

pid	process
845	sh
859	sh
873	sh
916	sh
920	sh
871	sh
889	sh
907	sh
841	sh
849	sh
857	sh
861	sh
895	sh
924	sh
903	sh
928	sh
827	sh
869	sh
877	sh
881	sh
891	sh
901	sh